Hi Michael I've never used the AutoRunmode plugin. I wonder if there is some sort of clash with the attributes, since both AutoRunmode and RequireSSL use them. Maybe you could post your code, and I could see if it's anything obvious. Unfortunately, I'm moving cities, and am trying to tie up all my loose work ends, pack house, etc ... so I don't have time to look into this in great detail. However, if you have time to investigate, I am more than happy to provide assistance, answer questions, etc.
Dan > -----Original Message----- > From: Michael Petnuch [mailto:[EMAIL PROTECTED] > Sent: Monday, 16 July 2007 3:55 p.m. > To: Dan Horne > Cc: Michael Petnuch; [email protected] > Subject: Re: [cgiapp] RequireSSL > > Dan: > > This plugin looks interesting. However, unless I am doing > something quite silly (very possible), it doesn't work with > the AutoRunmode plugin. Is there anything though could be > done to remedy this? > > Michael Petnuch > > On May 30, 2007, at 5:32 AM, Dan Horne wrote: > > > Hi All, > > > > because I had a need to scratch, I've written a module that checks > > that designated run modes are invoked under SSL. I figure I should > > modify it to meet the requirements for > > CGI::Application::Plugin::RequireSSL, as requested at http:// > > cgiapp.erlbaum.net/index.cgi?PluginsWanted, but I have a > few questions > > about these requirements: > > > > * If the param 'require_ssl' is present in the instance script, > > everything accessed through it will be protected. > > * If the subroutine attribute 'RequireSSL' is used, an individual > > runmode will be protected. > > * If the param 'rewrite_to_ssl' is present, any run > modes that are > > labeled as 'RequireSSL' (or all run modes if the param > > 'require_ssl' is present) that are accessed as non-SSL will be > > redirected to the same run mode but as HTTPS. > > > > I'm not sure I understand what is meant by "protected." > Does this mean > > an error is raised if standard HTTP is used when HTTPS is required? > > > > In the cases where a request is "rewritten," what do keep in the > > redirect? I assume all query parameters if the method is "GET," > > but an error is raised if "POST" is used. > > > > In my case, I'd like to be able to turn the SSL checks on > or off based > > on a flag in my app's config file. This is because the team members > > all have personal name-based virtual hosts, and SSL isn't > supported in > > their environments, although it is in the test, staging and > prod envs, > > where we could turn the checks on. Is such a flag something others > > would find useful? > > > > My module, as it stands, works under FastCGI, but I've > heard rumours > > that Attributes sometimes have trouble in a mod_perl > environment. It's > > be great if someone could test it under mp for me > > > > Regards > > > > Dan > > > > > --------------------------------------------------------------------- > > Web Archive: http://www.mail-archive.com/[email protected]/ > > http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > Web Archive: http://www.mail-archive.com/[email protected]/ > http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[email protected]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
