FAQ
Hi,

In a catalyst action accessed using https I do:

if ($c->authenticate({username => $username, password => $password, active => 1})) {
$c->res->redirect($c->uri_for_action("/index"));
}

It redirects to / URI of the site, but using http, not https as in the request for the current page.

Isn't $c->uri_for_action() able to see that the current URI uses https and continue to use it or this revert to http is intentional?

Thanks.

--
Octavian



__________ Information from ESET NOD32 Antivirus, version of virus signature database 4973 (20100325) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100325/60703a16/attachment.htm

Search Discussions

  • Christiaan Kras at Mar 25, 2010 at 5:58 pm
    You can use Catalyst::Plugin::RequireSSL to force https.

    Although I think https should be used by your method if that's what the
    user access the app with.


    Christiaan



    Octavian Rasnita schreef:
    Hi,

    In a catalyst action accessed using https I do:

    if ($c->authenticate({username => $username, password => $password,
    active => 1})) {
    $c->res->redirect($c->uri_for_action("/index"));
    }
    It redirects to / URI of the site, but using http, not https as in the
    request for the current page.

    Isn't $c->uri_for_action() able to see that the current URI uses https
    and continue to use it or this revert to http is intentional?

    Thanks.

    --
    Octavian


    __________ Information from ESET NOD32 Antivirus, version of virus
    signature database 4973 (20100325) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com
    ------------------------------------------------------------------------

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100325/5a11b0ab/attachment.htm
  • Octavian Rasnita at Mar 25, 2010 at 8:23 pm
    Hi,

    Sorry but I haven't provided the correct information.
    The problem is that I use a load balancer (Apache mod_proxy_balancer) and it gets the https request, however it passes the request to the backend Apache - mod_perl based servers using http.

    How do you do $c->res->redirect in cases like this?

    The front end server listens to the ports 80 and 443 and the back end servers to the ports 81 and 82 (they are on the same machine for the moment).

    The back end servers don't know if the current request is an http or an https one and on each redirect, they do the redirection using the http scheme.
    (I have also set the configuration option using_frontend_proxy to true.)


    Also, because the back end servers receive only http requests, $c->req->secure is always equal to 0.
    I have read that I can set the HTTPS environment variable to "On" and I put the following line in the configuration file of the load balancer Apache server in the virtualhost that handles SSL requests:

    SetEnv HTTPS On

    But nothing changes and $c->req->secure is still equal to 0, and the redirects are still done using the https scheme, so I am doing something wrong for sure.

    Do I need to have special virtualhosts on the back end servers that handle the requests that came using https and set the HTTPS environment variable on those virtualhosts? Or how can I let the Catalyst app know if the requests to the load balancer were using https?

    Please tell me what should I do or where can I find more information about using a load balancer with https and Catalyst.

    Thanks.

    Octavian

    From: "Christiaan Kras" <c.kras@pcc-online.net>
    You can use Catalyst::Plugin::RequireSSL to force https.

    Although I think https should be used by your method if that's what the
    user access the app with.


    Christiaan



    Octavian Rasnita schreef:
    Hi,

    In a catalyst action accessed using https I do:

    if ($c->authenticate({username => $username, password => $password,
    active => 1})) {
    $c->res->redirect($c->uri_for_action("/index"));
    }
    It redirects to / URI of the site, but using http, not https as in the
    request for the current page.

    Isn't $c->uri_for_action() able to see that the current URI uses https
    and continue to use it or this revert to http is intentional?

    Thanks.

    --
    Octavian


    __________ Information from ESET NOD32 Antivirus, version of virus
    signature database 4973 (20100325) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com
    ------------------------------------------------------------------------

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/

    --------------------------------------------------------------------------------

    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/
  • Bill Moseley at Mar 25, 2010 at 10:03 pm
    2010/3/25 Octavian Rasnita <orasnita@gmail.com>
    The back end servers don't know if the current request is an http or an
    https one and on each redirect, they do the redirection using the http
    scheme.
    (I have also set the configuration option using_frontend_proxy to true.)


    Also, because the back end servers receive only http requests,
    $c->req->secure is always equal to 0.
    I have read that I can set the HTTPS environment variable to "On" and I put
    the following line in the configuration file of the load balancer Apache
    server in the virtualhost that handles SSL requests:

    SetEnv HTTPS On
    Does that header get to Catalyst? Obviously, check that first.

    I have this in a "after 'prepare_headers'":

    $res->secure( 1 ) if lc( $req->header( 'Https' ) || '' ) eq 'on';

    The load balancer sends all traffic to the same port. The load balancer
    sets that header for SSL traffic.

    I used to send to two different ports and then detect SSL based on the port
    number. Same result either way.




    --
    Bill Moseley
    moseley@hank.org
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100325/1cec2321/attachment.htm
  • Octavian Rasnita at Mar 26, 2010 at 7:46 am
    From: Bill Moseley
    2010/3/25 Octavian Rasnita <orasnita@gmail.com>
    The back end servers don't know if the current request is an http or an https one and on each redirect, > > they do the redirection using the http scheme.
    (I have also set the configuration option using_frontend_proxy to true.)
    > >
    Also, because the back end servers receive only http requests, $c->req->secure is always equal to 0.
    I have read that I can set the HTTPS environment variable to "On" and I put the following line in the
    configuration file of the load balancer Apache server in the virtualhost that handles SSL requests:
    > >
    SetEnv HTTPS On
    Does that header get to Catalyst? Obviously, check that first. >
    I have this in a "after 'prepare_headers'": >
    $res->secure( 1 ) if lc( $req->header( 'Https' ) || '' ) eq 'on'; >
    The load balancer sends all traffic to the same port. The load balancer sets that header for SSL traffic.

    I didn't know that HTTPS should be an HTTP header and not an environment variable so I have also added as a header.

    I have put in the configuration file of the back end servers (to be sure that it will reach the app):

    SetEnv HTTPS On

    and in the configuration file of the load balancer server:

    RequestHeader set HTTPS On

    And in a test action I have done:

    my $body;
    $body .= "HTTPS environment variable: $ENV{HTTPS}<br />\n";
    $body .= "HTTPS header: " . $c->req->header('HTTPS') . "<br />\n";
    $body .= "secure: " . $c->req->secure . "<br />\n";;
    $c->req->secure(1); #Force it to be true
    $body .= "secure: " . $c->req->secure . "<br />\n"; # Check if it is set correctly
    $body .= "uri_for_action: " . $c->uri_for_action('/user/login2') . "<br />\n";
    $c->res->body($body);

    And the result is:

    HTTPS environment variable: On
    HTTPS header: On
    secure: 0
    secure: 1
    uri_for_action: http://site.testsite.com:5555/en/user/login2

    So it seems that both the environment variable HTTPS and the header HTTPS are seen by Catalyst, but $c->req->secure is still equal to 0.

    Do I need to add a certain plugin in order to be able to use $c->req->secure or what could be the problem that it is not set correctly?

    I have read in Catalyst::Request:

    "the URI scheme (eg., http vs. https) must be determined through heuristics; depending on your server configuration, it may be incorrect. See $req->secure for more info."

    And more info:
    "Note that the URI scheme (eg., http vs. https) must be determined through heuristics, and therefore the reliablity of $req->secure will depend on your server configuration. If you are serving secure pages on the standard SSL port (443) and/or setting the HTTPS environment variable, $req->secure should be valid."

    I am accessing the site using SSL by the 5555 port so I need the HTTPS environment variable (or HTTP header) but I don't know why $c->req->secure is still not set.

    And finally, even though I forced $c->req->secure to be true, $c->uri_for_action still uses the http scheme and not https so in the entire application the redirects won't be done correctly and this is the big problem.

    Thanks.


    Octavian


    --
    Bill Moseley
    moseley@hank.org



    ------------------------------------------------------------------------------


    _______________________________________________
    List: Catalyst@lists.scsys.co.uk
    Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
    Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
    Dev site: http://dev.catalyst.perl.org/



    __________ Information from ESET NOD32 Antivirus, version of virus signature database 4975 (20100325) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com




    __________ Information from ESET NOD32 Antivirus, version of virus signature database 4975 (20100325) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com

    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100326/33009268/attachment.htm
  • Jose Luis Martinez at Mar 26, 2010 at 8:37 am

    El 26/03/2010 8:46, Octavian Rasnita escribi?:
    And in a test action I have done:
    my $body;
    $body .= "HTTPS environment variable: $ENV{HTTPS}<br />\n";
    $body .= "HTTPS header: " . $c->req->header('HTTPS') . "<br />\n";
    $body .= "secure: " . $c->req->secure . "<br />\n";;
    $c->req->secure(1); #Force it to be true
    $body .= "secure: " . $c->req->secure . "<br />\n"; # Check if it is
    set correctly
    $body .= "uri_for_action: " . $c->uri_for_action('/user/login2') .
    "<br />\n";
    $c->res->body($body);
    And the result is:
    HTTPS environment variable: On
    HTTPS header: On
    secure: 0
    secure: 1
    uri_for_action: http://site.testsite.com:5555/en/user/login2
    Try with

    if (lc($c->req->headers()->{'x-https'}) eq 'on'){
    my $uri = $c->req->base();
    $uri->scheme("https");
    $c->req->base($uri);
    }

    Note: I set X-Https header on the apache with

    RequestHeader set X-Https "%{HTTPS}e"

    works for me...

    Jose Luis Martinez
    jlmartinez@capside.com
  • Bill Moseley at Mar 26, 2010 at 1:03 pm

    On Fri, Mar 26, 2010 at 12:46 AM, Octavian Rasnita wrote:

    *From:* Bill Moseley <moseley@hank.org>
    SetEnv HTTPS On
    Does that header get to Catalyst? Obviously, check that first.
    I didn't know that HTTPS should be an HTTP header and not an environment
    variable so I have also added as a header.

    Sorry, I missed that you were setting the environment var -- I assumed you
    were setting a header in your load balancer. Obviously, the front-end web
    server's environment is not shared with the back-end's environment.

    You have the front-end load balancer add a header to SSL requests when being
    proxied to the backend. Then the backend looks for the this header and, if
    set, sets $c->req->secure(1);

    You just need some way for the front-end to tell you which requests are SSL
    on the front end. As mentioned, another approach is to use two different
    ports on the backend.


    And finally, even though I forced $c->req->secure to be true,
    $c->uri_for_action still uses the http scheme and not https so in the entire
    application the redirects won't be done correctly and this is the big
    problem.
    You need to set $request->secure(1) earlier in the request so that when
    $base is created it has the correct scheme.

    Here's a simple example application:

    $ cat lib/ssl.pm lib/ssl/Controller/Root.pm
    package ssl;
    use Moose;
    use namespace::autoclean -except => 'meta';
    extends 'Catalyst';

    __PACKAGE__->setup();

    after 'prepare_headers' => sub {
    my $self = shift;
    $self->req->secure( $ENV{SSL} );
    };

    1;


    package ssl::Controller::Root;
    use Moose;
    use namespace::autoclean -except => 'meta';
    BEGIN { extends 'Catalyst::Controller' }
    __PACKAGE__->config->{namespace} = '';

    sub hello : Local {
    my ( $self, $c ) = @_;
    $c->res->body( $c->uri_for( '/hello' ) );
    };

    1;


    ~/ssl$ script/ssl_test.pl /hello
    http://localhost/hello

    ~/ssl$ SSL=1 script/ssl_test.pl /hello
    https://localhost/hello


    Don't get confused by that example where I'm checking $ENV. You will want
    to check a request header (or port) as that's how the front-end can
    communicate with the back-end.

    Note that Catalyst::Apache::Engine will check for $ENV{HTTPS} is "ON" but
    for that to happen you would have to do something like $ENV{HTTPS} =
    $c->req->headers( 'HTTPS' ) very early in the request (or get Apache to set
    it based on the request header.

    I find it easier to just explicitly set secure(1) based on a header (or
    port).


    --
    Bill Moseley
    moseley@hank.org
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100326/06a02df1/attachment.htm

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcatalyst @
categoriescatalyst, perl
postedMar 25, '10 at 12:12p
activeMar 26, '10 at 1:03p
posts7
users4
websitecatalystframework.org
irc#catalyst

People

Translate

site design / logo © 2022 Grokbase