Dan Horne > CGI-Application-Plugin-RequireSSL > CGI::Application::Plugin::RequireSSL

Download:
CGI-Application-Plugin-RequireSSL-0.04.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 0.04   Source  

NAME ^

CGI::Application::Plugin::RequireSSL - Force SSL in specified pages or modules

VERSION ^

Version 0.04

SYNOPSIS ^

    use CGI::Application::Plugin::RequireSSL;

    sub login_form :RequireSSL {
        my $self = shift;
        # etc
    }

DESCRIPTION ^

CGI::Application::Plugin::RequireSSL allows individual run modes or whole modules to be protected by SSL. If a standard HTTP request is received, you can specify whether an error is raised or if the request should be redirected to the HTTPS equivalent URL.

EXPORT ^

Exported methods: config_requiressl, mode_redirect

USAGE ^

run mode-level protection

run mode protection is specified by the RequireSSL attribute after the method name:

    sub process_login :RequireSSL {
        my $self = shift;
    }

Module-level protection

You can protect a complete module by setting the 'require_ssl' parameter in your instance script:

    use MyApp;
    my $webapp = MyApp->new(
        PARAMS => {require_ssl => 1}
    );
    $webapp->run();

Redirecting to a protected URL.

By default, an error is raised if a request is made to a protected run mode or module using HTTP. However, you can specify that the request is redirected to the HTTPS url by setting the rewrite_to_ssl parameter as long as the requested method is not POST:

    my $webapp = MyApp->new(
        PARAMS => {rewrite_to_ssl => 1}
    );

Turning off checks.

If you need to turn off checks, simply set the ignore_check parameter when configuring the plugin (see "config_requiressl" below).

Reverting to HTTP

Once a successful request is made to a protected run mode or module, subsequent requests to a non-protected run mode or module will revert to using HTTP. To prevent this from happening, set the parameter keep_in_ssl in the configuration (see "config_requiressl" below)

METHODS ^

config_requiressl

Optionally configure the plugin in your cgiapp_init method

    $self->config_requiressl(
        keep_in_ssl => 0,
        ignore_check => 0,
    )

Valid parameters are:

mode_redirect

This is a run mode that will be automatically called if the request should be redirected to the equivalent HTTP or HTTPS URL. You should not call it directly.

AUTHOR ^

Dan Horne, <dhorne at cpan.org>

BUGS ^

Please report any bugs or feature requests to bug-cgi-application-plugin-requiressl at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-RequireSSL. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

CAVEAT ^

This module been tested under the FastCGI persistent environment, but not under mod_perl. The author would apprecaute feedback from anyone who is able to test with that environment.

SUPPORT ^

You can find documentation for this module with the perldoc command.

    perldoc CGI::Application::Plugin::RequireSSL

You can also look for information at:

ACKNOWLEDGEMENTS ^

COPYRIGHT & LICENSE ^

Copyright 2007 Dan Horne, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

syntax highlighting: