Dan:
This plugin looks interesting. However, unless I am doing something
quite silly (very possible), it doesn't work with the AutoRunmode
plugin. Is there anything though could be done to remedy this?
Michael Petnuch
On May 30, 2007, at 5:32 AM, Dan Horne wrote:
Hi All,
because I had a need to scratch, I've written a module that checks
that designated run modes are invoked under SSL. I figure I should
modify it to meet the requirements for
CGI::Application::Plugin::RequireSSL, as requested at http://
cgiapp.erlbaum.net/index.cgi?PluginsWanted, but I have a few
questions about these requirements:
* If the param 'require_ssl' is present in the instance script,
everything accessed through it will be protected.
* If the subroutine attribute 'RequireSSL' is used, an individual
runmode will be protected.
* If the param 'rewrite_to_ssl' is present, any run modes that are
labeled as 'RequireSSL' (or all run modes if the param
'require_ssl' is present) that are accessed as non-SSL will be
redirected to the same run mode but as HTTPS.
I'm not sure I understand what is meant by "protected." Does this
mean an error is raised if standard HTTP is used when HTTPS is
required?
In the cases where a request is "rewritten," what do keep in the
redirect? I assume all query parameters if the method is "GET,"
but an error is raised if "POST" is used.
In my case, I'd like to be able to turn the SSL checks on or off
based on a flag in my app's config file. This is because the team
members all have personal name-based virtual hosts, and SSL isn't
supported in their environments, although it is in the test,
staging and prod envs, where we could turn the checks on. Is such a
flag something others would find useful?
My module, as it stands, works under FastCGI, but I've heard
rumours that Attributes sometimes have trouble in a mod_perl
environment. It's be great if someone could test it under mp for me
Regards
Dan
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/cgiapp@lists.erlbaum.net/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/cgiapp@lists.erlbaum.net/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]