Re: SSL and https
I've only just got around to trying this - and it fits the bill really nicely thanks. Jeremy Burns On 18 Feb 2010, at 09:29, jperras wrote: > http://github.com/plank/secured > > -jperras. > > On Feb 17, 12:54 am, Jeremy Burns wrote: >> Any takers on this please? >> >> Jeremy Burns >> jeremybu...@me.com >> >> On 12 Feb 2010, at 05:00, Jeremy Burns wrote: >> >> >> >>> I am using the security component from app_controller. In some >>> controllers I have this in my beforeFilter: >> >>>if (in_array($this->params['action'], $action)): >>>$this->Security->blackHoleCallback = 'forceSSL'; >>>$this->Security->requireSecure(); >>>else: >>>$this->Security->blackHoleCallback = 'unforceSSL'; >>>endif; >> >>> I have these two functions in app_controller: >> >>>function forceSSL() { >> >>>$this->redirect('https://' . env('SERVER_NAME') . $this->here); >> >>>} >> >>>function unforceSSL() { >> >>>$this->redirect('http://' . env('SERVER_NAME') . $this->here); >> >>>} >> >>> This is working in the sense that the right actions in the right >>> controllers are being redirected to https. But once I am in https, I >>> stay there. >> >>> My question is: how do I get the site to go back to http for those >>> controller actions that do not require https? >> >>> Check out the new CakePHP Questions sitehttp://cakeqs.organd help others >>> with their CakePHP related questions. >> >>> You received this message because you are subscribed to the Google Groups >>> "CakePHP" group. >>> To post to this group, send email to cake-php@googlegroups.com >>> To unsubscribe from this group, send email to >>> cake-php+unsubscr...@googlegroups.com For more options, visit this group >>> athttp://groups.google.com/group/cake-php?hl=en > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
I like it! Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
http://github.com/plank/secured -jperras. On Feb 17, 12:54 am, Jeremy Burns wrote: > Any takers on this please? > > Jeremy Burns > jeremybu...@me.com > > On 12 Feb 2010, at 05:00, Jeremy Burns wrote: > > > > > I am using the security component from app_controller. In some > > controllers I have this in my beforeFilter: > > > if (in_array($this->params['action'], $action)): > > $this->Security->blackHoleCallback = 'forceSSL'; > > $this->Security->requireSecure(); > > else: > > $this->Security->blackHoleCallback = 'unforceSSL'; > > endif; > > > I have these two functions in app_controller: > > > function forceSSL() { > > > $this->redirect('https://' . env('SERVER_NAME') . $this->here); > > > } > > > function unforceSSL() { > > > $this->redirect('http://' . env('SERVER_NAME') . $this->here); > > > } > > > This is working in the sense that the right actions in the right > > controllers are being redirected to https. But once I am in https, I > > stay there. > > > My question is: how do I get the site to go back to http for those > > controller actions that do not require https? > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
When I've done this, I usually set specific controllers/actions as $useSSL=true; and force everything else back to non-SSL app_controller.php:beforeFilter ... $this->ishttps = $this->set('ishttps',((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']==443))); ... app_controller.php:beforeRender ... if (!$this->ishttps && isset($this->shouldBeHTTPS) && $this- >shouldBeHTTPS && !in_array('return',$this->params)) { return $this->redirect('https://'.$_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI']); } elseif ($this->ishttps && (!isset($this->shouldBeHTTPS) || !$this- >shouldBeHTTPS) && !in_array('return',$this->params)) { return $this->redirect('http://'.$_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI']); } ... That way, for any controller you can specify: var $shouldBeHTTPS = true; //false or within an action you can change: var $this->shouldBeHTTPS = true; //false thanks, -alan- On Feb 17, 3:50 am, Jeremy Burns wrote: > Thanks John - I'll read, experiment and post back. > > Jeremy Burns > jeremybu...@me.com > > On 17 Feb 2010, at 08:48, John Andersen wrote: > > > > > Hi Jeremy, > > Take a look at the issue in this thread: > >http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727... > > > There I see the same solution as yours, but with some additional > > information. Maybe it will help you on the way .. or maybe discuss it > > with the original poster! > > Enjoy, > > John > > > On Feb 17, 7:54 am, Jeremy Burns wrote: > >> Any takers on this please? > > >> Jeremy Burns > >> jeremybu...@me.com > > >> On 12 Feb 2010, at 05:00, Jeremy Burns wrote: > > >>> I am using the security component from app_controller. In some > >>> controllers I have this in my beforeFilter: > > >>> if (in_array($this->params['action'], $action)): > >>> $this->Security->blackHoleCallback = 'forceSSL'; > >>> $this->Security->requireSecure(); > >>> else: > >>> $this->Security->blackHoleCallback = 'unforceSSL'; > >>> endif; > > >>> I have these two functions in app_controller: > > >>> function forceSSL() { > > >>> $this->redirect('https://' . env('SERVER_NAME') . $this->here); > > >>> } > > >>> function unforceSSL() { > > >>> $this->redirect('http://' . env('SERVER_NAME') . $this->here); > > >>> } > > >>> This is working in the sense that the right actions in the right > >>> controllers are being redirected to https. But once I am in https, I > >>> stay there. > > >>> My question is: how do I get the site to go back to http for those > >>> controller actions that do not require https? > > >>> Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others > >>> with their CakePHP related questions. > > >>> You received this message because you are subscribed to the Google Groups > >>> "CakePHP" group. > >>> To post to this group, send email to cake-php@googlegroups.com > >>> To unsubscribe from this group, send email to > >>> cake-php+unsubscr...@googlegroups.com For more options, visit this group > >>> athttp://groups.google.com/group/cake-php?hl=en > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Thanks John - I'll read, experiment and post back. Jeremy Burns jeremybu...@me.com On 17 Feb 2010, at 08:48, John Andersen wrote: > Hi Jeremy, > Take a look at the issue in this thread: > http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727066173cf/19cf7202211f930d#19cf7202211f930d > > There I see the same solution as yours, but with some additional > information. Maybe it will help you on the way .. or maybe discuss it > with the original poster! > Enjoy, > John > > On Feb 17, 7:54 am, Jeremy Burns wrote: >> Any takers on this please? >> >> Jeremy Burns >> jeremybu...@me.com >> >> On 12 Feb 2010, at 05:00, Jeremy Burns wrote: >> >>> I am using the security component from app_controller. In some >>> controllers I have this in my beforeFilter: >> >>>if (in_array($this->params['action'], $action)): >>>$this->Security->blackHoleCallback = 'forceSSL'; >>>$this->Security->requireSecure(); >>>else: >>>$this->Security->blackHoleCallback = 'unforceSSL'; >>>endif; >> >>> I have these two functions in app_controller: >> >>>function forceSSL() { >> >>>$this->redirect('https://' . env('SERVER_NAME') . $this->here); >> >>>} >> >>>function unforceSSL() { >> >>>$this->redirect('http://' . env('SERVER_NAME') . $this->here); >> >>>} >> >>> This is working in the sense that the right actions in the right >>> controllers are being redirected to https. But once I am in https, I >>> stay there. >> >>> My question is: how do I get the site to go back to http for those >>> controller actions that do not require https? >> >>> Check out the new CakePHP Questions sitehttp://cakeqs.organd help others >>> with their CakePHP related questions. >> >>> You received this message because you are subscribed to the Google Groups >>> "CakePHP" group. >>> To post to this group, send email to cake-php@googlegroups.com >>> To unsubscribe from this group, send email to >>> cake-php+unsubscr...@googlegroups.com For more options, visit this group >>> athttp://groups.google.com/group/cake-php?hl=en > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Hi Jeremy, Take a look at the issue in this thread: http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727066173cf/19cf7202211f930d#19cf7202211f930d There I see the same solution as yours, but with some additional information. Maybe it will help you on the way .. or maybe discuss it with the original poster! Enjoy, John On Feb 17, 7:54 am, Jeremy Burns wrote: > Any takers on this please? > > Jeremy Burns > jeremybu...@me.com > > On 12 Feb 2010, at 05:00, Jeremy Burns wrote: > > > I am using the security component from app_controller. In some > > controllers I have this in my beforeFilter: > > > if (in_array($this->params['action'], $action)): > > $this->Security->blackHoleCallback = 'forceSSL'; > > $this->Security->requireSecure(); > > else: > > $this->Security->blackHoleCallback = 'unforceSSL'; > > endif; > > > I have these two functions in app_controller: > > > function forceSSL() { > > > $this->redirect('https://' . env('SERVER_NAME') . $this->here); > > > } > > > function unforceSSL() { > > > $this->redirect('http://' . env('SERVER_NAME') . $this->here); > > > } > > > This is working in the sense that the right actions in the right > > controllers are being redirected to https. But once I am in https, I > > stay there. > > > My question is: how do I get the site to go back to http for those > > controller actions that do not require https? > > > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others > > with their CakePHP related questions. > > > You received this message because you are subscribed to the Google Groups > > "CakePHP" group. > > To post to this group, send email to cake-php@googlegroups.com > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: > I am using the security component from app_controller. In some > controllers I have this in my beforeFilter: > > if (in_array($this->params['action'], $action)): > $this->Security->blackHoleCallback = 'forceSSL'; > $this->Security->requireSecure(); > else: > $this->Security->blackHoleCallback = 'unforceSSL'; > endif; > > I have these two functions in app_controller: > > function forceSSL() { > > $this->redirect('https://' . env('SERVER_NAME') . $this->here); > > } > > function unforceSSL() { > > $this->redirect('http://' . env('SERVER_NAME') . $this->here); > > } > > This is working in the sense that the right actions in the right > controllers are being redirected to https. But once I am in https, I > stay there. > > My question is: how do I get the site to go back to http for those > controller actions that do not require https? > > Check out the new CakePHP Questions site http://cakeqs.org and help others > with their CakePHP related questions. > > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To post to this group, send email to cake-php@googlegroups.com > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en