[Catalyst-dev] Re: The RequireSSL problem
Jesse Sheidlower
jester at panix.com
Wed Dec 26 14:43:34 GMT 2012
On Wed, Dec 26, 2012 at 03:19:42AM +0100, Aristotle Pagaltzis wrote:
> * Jesse Sheidlower <jester at panix.com> [2012-12-25 18:50]:
> > Right now my solution is to do nothing on my production machine (on
> > which I never run the dev server) and to comment things out in
> > RequireSSL.pm on my laptop (on which I can then _only_ run the dev
> > server), but what should we do about this in general?
>
> What exactly is your requirement?
Same as what's provided by either RequireSSL module--the ability to
easily switch a _particular_ request on to SSL, from a Catalyst
controller. In my case I redirect all login forms to SSL, and all
view-user pages.
> I extracted Plack::Middleware::RedirectSSL just the other day from the
> $work code base and released it to the CPAN tonight. Will that fit your
> bill?
Not sure--I don't use Plack directly and can't quickly learn enough
about it to see--but it seems to me that this will just change _all_
requests to one scheme or another. What I need, and what I'd imagine
most people would want, is the ability to handle this in a Catalyst
controller, on an as-needed basis.
But apart from my needs--and I can always just check the requests
manually and redirect them myself, but there are some quirks that are
the reason for having a module do this for me--there is the overall
problem that the two RequireSSL modules are broken under 5.9x. And
that's why I sent this to the dev list. If
Plack::Middleware::RedirectSSL does (or can be made to do) what I want,
we still need to rewrite or deprecate C::P::RequireSSL and
C::AR::RequireSSL. (And perhaps add a bit to the Cookbook about this
solution. I volunteer, if this is (or can be made to be) the solution.)
Jesse
More information about the Catalyst-dev
mailing list