Hi Michael
I've never used the AutoRunmode plugin. I wonder if there is some sort of
clash with the attributes, since both AutoRunmode and RequireSSL use them.
Maybe you could post your code, and I could see if it's anything obvious.
Unfortunately, I'm moving cities, and am trying to tie up all my loose work
ends, pack house, etc ... so I don't have time to look into this in great
detail. However, if you have time to investigate, I am more than happy to
provide assistance, answer questions, etc.
Dan
> -----Original Message-----
> From: Michael Petnuch [mailto:suppressed
> Sent: Monday, 16 July 2007 3:55 p.m.
> To: Dan Horne
> Cc: Michael Petnuch; suppressed
> Subject: Re: [cgiapp] RequireSSL
>
> Dan:
>
> This plugin looks interesting. However, unless I am doing
> something quite silly (very possible), it doesn't work with
> the AutoRunmode plugin. Is there anything though could be
> done to remedy this?
>
> Michael Petnuch
>
> On May 30, 2007, at 5:32 AM, Dan Horne wrote:
>
> > Hi All,
> >
> > because I had a need to scratch, I've written a module that checks
> > that designated run modes are invoked under SSL. I figure I should
> > modify it to meet the requirements for
> > CGI::Application::Plugin::RequireSSL, as requested at http://
> > cgiapp.erlbaum.net/index.cgi?PluginsWanted, but I have a
> few questions
> > about these requirements:
> >
> > * If the param 'require_ssl' is present in the instance script,
> > everything accessed through it will be protected.
> > * If the subroutine attribute 'RequireSSL' is used, an individual
> > runmode will be protected.
> > * If the param 'rewrite_to_ssl' is present, any run
> modes that are
> > labeled as 'RequireSSL' (or all run modes if the param
> > 'require_ssl' is present) that are accessed as non-SSL will be
> > redirected to the same run mode but as HTTPS.
> >
> > I'm not sure I understand what is meant by "protected."
> Does this mean
> > an error is raised if standard HTTP is used when HTTPS is required?
> >
> > In the cases where a request is "rewritten," what do keep in the
> > redirect? I assume all query parameters if the method is "GET,"
> > but an error is raised if "POST" is used.
> >
> > In my case, I'd like to be able to turn the SSL checks on
> or off based
> > on a flag in my app's config file. This is because the team members
> > all have personal name-based virtual hosts, and SSL isn't
> supported in
> > their environments, although it is in the test, staging and
> prod envs,
> > where we could turn the checks on. Is such a flag something others
> > would find useful?
> >
> > My module, as it stands, works under FastCGI, but I've
> heard rumours
> > that Attributes sometimes have trouble in a mod_perl
> environment. It's
> > be great if someone could test it under mp for me
> >
> > Regards
> >
> > Dan
> >
> >
> ---------------------------------------------------------------------
> > Web Archive: http://www.mail-archive.com/suppressed/
> > http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> > To unsubscribe, e-mail: suppressed
> > For additional commands, e-mail: suppressed
> >
>
>
> ---------------------------------------------------------------------
> Web Archive: http://www.mail-archive.com/suppressed/
> http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
> To unsubscribe, e-mail: suppressed
> For additional commands, e-mail: suppressed
>
>
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.