[Catalyst] Catalyst Redirect to https

Octavian Rasnita orasnita at gmail.com
Fri Mar 26 07:46:08 GMT 2010 

From: Bill Moseley =

  > 2010/3/25 Octavian Rasnita <orasnita at gmail.com>

    > > The back end servers don't know if the current request is an http o=
r an https one and on each redirect, > > they do the redirection using the =
http scheme.
    > > (I have also set the configuration option using_frontend_proxy to t=
rue.)
    > > =

    > > Also, because the back end servers receive only http requests, $c->=
req->secure is always equal to 0.
    > > I have read that I can set the HTTPS environment variable to "On" a=
nd I put the following line in the =

    > > configuration file of the load balancer Apache server in the virtua=
lhost that handles SSL requests:
    > > =

    > > SetEnv HTTPS On



  > Does that header get to Catalyst?  Obviously, check that first.
  > =


  > I have this in  a "after 'prepare_headers'":
  > =


  >    $res->secure( 1 ) if lc( $req->header( 'Https' ) || '' ) eq 'on';
  > =

  > The load balancer sends all traffic to the same port.  The load balance=
r sets that header for SSL traffic.


  I didn't know that HTTPS should be an HTTP header and not an environment =
variable so I have also added as a header.

  I have put in the configuration file of the back end servers (to be sure =
that it will reach the app):

  SetEnv HTTPS On

  and in the configuration file of the load balancer server:

  RequestHeader set HTTPS On

  And in a test action I have done:

  my $body;
  $body .=3D "HTTPS environment variable: $ENV{HTTPS}<br />\n";
  $body .=3D "HTTPS header: " . $c->req->header('HTTPS') . "<br />\n";
  $body .=3D "secure: " . $c->req->secure . "<br />\n";;
  $c->req->secure(1); #Force it to be true
  $body .=3D "secure: " . $c->req->secure . "<br />\n"; # Check if it is se=
t correctly
  $body .=3D "uri_for_action: " . $c->uri_for_action('/user/login2') . "<br=
 />\n";
  $c->res->body($body);

  And the result is:

  HTTPS environment variable: On
  HTTPS header: On
  secure: 0
  secure: 1
  uri_for_action: http://site.testsite.com:5555/en/user/login2

  So it seems that both the environment variable HTTPS and the header HTTPS=
 are seen by Catalyst, but $c->req->secure is still equal to 0.

  Do I need to add a certain plugin in order to be able to use $c->req->sec=
ure or what could be the problem that it is not set correctly?

  I have read in Catalyst::Request:

  "the URI scheme (eg., http vs. https) must be determined through heuristi=
cs; depending on your server configuration, it may be incorrect. See $req->=
secure for more info."

  And more info:
  "Note that the URI scheme (eg., http vs. https) must be determined throug=
h heuristics, and therefore the reliablity of $req->secure will depend on y=
our server configuration. If you are serving secure pages on the standard S=
SL port (443) and/or setting the HTTPS environment variable, $req->secure s=
hould be valid."

  I am accessing the site using SSL by the 5555 port so I need the HTTPS en=
vironment variable (or HTTP header) but I don't know why $c->req->secure is=
 still not set.

  And finally, even though I forced $c->req->secure to be true, $c->uri_for=
_action still uses the http scheme and not https so in the entire applicati=
on the redirects won't be done correctly and this is the big problem.

  Thanks.


  Octavian


  -- =

  Bill Moseley
  moseley at hank.org



---------------------------------------------------------------------------=
---


  _______________________________________________
  List: Catalyst at lists.scsys.co.uk
  Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
  Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.u=
k/
  Dev site: http://dev.catalyst.perl.org/



  __________ Information from ESET NOD32 Antivirus, version of virus signat=
ure database 4975 (20100325) __________

  The message was checked by ESET NOD32 Antivirus.

  http://www.eset.com




__________ Information from ESET NOD32 Antivirus, version of virus signatur=
e database 4975 (20100325) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100326/33009=
268/attachment.htm

More information about the Catalyst mailing list