CGI::Application::PlugUserRContributed)CGI::Application::Plugin::RequireSSL(3)NAMECGI::Application::Plugin::RequireSSL - Force SSL in specified pages or
modules
VERSION
Version 0.04
SYNOPSIS
use CGI::Application::Plugin::RequireSSL;
sub login_form :RequireSSL {
my $self = shift;
# etc
}
DESCRIPTIONCGI::Application::Plugin::RequireSSL allows individual run modes or
whole modules to be protected by SSL. If a standard HTTP request is
received, you can specify whether an error is raised or if the request
should be redirected to the HTTPS equivalent URL.
EXPORT
Exported methods:
config_requiressl, mode_redirect
USAGE
run mode-level protection
run mode protection is specified by the RequireSSL attribute after the
method name:
sub process_login :RequireSSL {
my $self = shift;
}
Module-level protection
You can protect a complete module by setting the 'require_ssl'
parameter in your instance script:
use MyApp;
my $webapp = MyApp->new(
PARAMS => {require_ssl => 1}
);
$webapp->run();
Redirecting to a protected URL.
By default, an error is raised if a request is made to a protected run
mode or module using HTTP. However, you can specify that the request is
redirected to the HTTPS url by setting the rewrite_to_ssl parameter as
long as the requested method is not POST:
my $webapp = MyApp->new(
PARAMS => {rewrite_to_ssl => 1}
);
Turning off checks.
If you need to turn off checks, simply set the ignore_check parameter
when configuring the plugin (see "config_requiressl" below).
Reverting to HTTP
Once a successful request is made to a protected run mode or module,
subsequent requests to a non-protected run mode or module will revert
to using HTTP. To prevent this from happening, set the parameter
keep_in_ssl in the configuration (see "config_requiressl" below)
METHODS
config_requiressl
Optionally configure the plugin in your cgiapp_init method
$self->config_requiressl(
keep_in_ssl => 0,
ignore_check => 0,
)
Valid parameters are:
· keep_in_ssl - if set, all subsequent requests following one to a
protected run mode or module will be via HTTPS.
· ignore_check - ignore SSL schecking. This is useful if your
application is deployed in an environment that doesn't support SSL.
mode_redirect
This is a run mode that will be automatically called if the request
should be redirected to the equivalent HTTP or HTTPS URL. You should
not call it directly.
AUTHOR
Dan Horne, "<dhorne at cpan.org>"
BUGS
Please report any bugs or feature requests to
"bug-cgi-application-plugin-requiressl at rt.cpan.org", or through the
web interface at
http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-RequireSSL
<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-
RequireSSL>. I will be notified, and then you'll automatically be
notified of progress on your bug as I make changes.
CAVEAT
This module been tested under the FastCGI persistent environment, but
not under mod_perl. The author would apprecaute feedback from anyone
who is able to test with that environment.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc CGI::Application::Plugin::RequireSSL
You can also look for information at:
· AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/CGI-Application-Plugin-RequireSSL
<http://annocpan.org/dist/CGI-Application-Plugin-RequireSSL>
· CPAN Ratings
http://cpanratings.perl.org/d/CGI-Application-Plugin-RequireSSL
<http://cpanratings.perl.org/d/CGI-Application-Plugin-RequireSSL>
· RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-Application-Plugin-RequireSSL
<http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-Application-Plugin-
RequireSSL>
· Search CPAN
http://search.cpan.org/dist/CGI-Application-Plugin-RequireSSL
<http://search.cpan.org/dist/CGI-Application-Plugin-RequireSSL>
ACKNOWLEDGEMENTS
· Users of the CGI::Application wiki (http://www.cgi-app.org) who
requested this module.
· Andy Grundman - I stole the idea of the keep_in_ssl parameter from
his Catalyst::Plugin::RequireSSL module
COPYRIGHT & LICENSE
Copyright 2007 Dan Horne, all rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
perl v5.14.12007-CGI::Application::Plugin::RequireSSL(3)