Hello,

I am looking for a way to configure Catalyst in a way that all URIs
generated are forced to use https. The default behaviour seems to always
use the same scheme as the incoming request.

I have looked at Plugin::SmartURI, but that only allows
relative/absolute/hostless-URIs. I would probably have to subclass
SmartURI, but have no idea how to do that.

Thanks for your help.

Regards,

Tobias


  • Jon at Aug 4, 2011 at 3:23 pm

    > I am looking for a way to configure Catalyst in a way that all URIs
    > generated are forced to use https. The default behaviour seems to always
    > use the same scheme as the incoming request.

    Have you looked at C::P::RequireSSL?

    http://search.cpan.org/~agrundma/Catalyst-Plugin-RequireSSL-0.06/lib/Catalyst/Plugin/RequireSSL.pm

    - jon
  • Tobias Klug at Aug 4, 2011 at 3:34 pm
    Yes I have already looked at it. The Plugin redirects to the
    https-version of the page instead of just changing all links.

    In my setup the catalyst server runs on http. The requests come from a
    reverse proxy, that only accepts https-requests from the clients.
    Therefore I need to force all generated URIs to be https.

    I hope that clarifies my problem.

    -- Tobias

    On 04.08.2011 17:23, Jon wrote:
    >> I am looking for a way to configure Catalyst in a way that all URIs
    >> generated are forced to use https. The default behaviour seems to always
    >> use the same scheme as the incoming request.
    >
    > Have you looked at C::P::RequireSSL?
    >
    > http://search.cpan.org/~agrundma/Catalyst-Plugin-RequireSSL-0.06/lib/Catalyst/Plugin/RequireSSL.pm
    >
    > - jon

  • Len Jaffe at Aug 4, 2011 at 3:47 pm

    On Thu, Aug 4, 2011 at 11:34 AM, Tobias Klug wrote:

    > Yes I have already looked at it. The Plugin redirects to the
    > https-version of the page instead of just changing all links.
    >
    > In my setup the catalyst server runs on http. The requests come from a
    > reverse proxy, that only accepts https-requests from the clients.
    > Therefore I need to force all generated URIs to be https.
    >
    > I hope that clarifies my problem.

    Since you're using your proxy as an SSL proxy, I'd make the proxy
    postprocess the response body.
    Or you could have catalyst do something like

        $c->response->{body} =~ s/http:/https:/g

    in your end action.

    Len.


  • Ian Docherty at Aug 4, 2011 at 3:55 pm
    From: Len Jaffe
    Sent: 04 August 2011 16:47
    To: The elegant MVC web framework
    Subject: Re: [Catalyst] Force https in generated URIs


    Since you're using your proxy as an SSL proxy, I'd make the proxy postprocess the response body.
    Or you could have catalyst do something like

        $c->response->{body} =~ s/http:/https:/g

    in your end action.

    Len.

    [Ian replied.]

    Len, I think that would probably fail if there were links to external web sites on the page.

    Regards
    Ian



  • Len Jaffe at Aug 4, 2011 at 4:02 pm

    On Thu, Aug 4, 2011 at 11:55 AM, wrote:

    > From: Len Jaffe
    > Sent: 04 August 2011 16:47
    >
    > Since you're using your proxy as an SSL proxy, I'd make the proxy
    > postprocess the response body.
    > Or you could have catalyst do something like
    > $c->response->{body} =~ s/http:/https:/g
    > in your end action.
    >
    > [Ian replied.]
    >
    > Len, I think that would probably fail if there were links to external web
    > sites on the page.

    Um...Left as an exercise for the reader?


  • Larry Leszczynski at Aug 4, 2011 at 3:57 pm
    Hi Tobias -
    > Therefore I need to force all generated URIs to be https.

    If generated URIs means those coming from $c->uri_for() and friends, you
    should be able to modify the URI scheme in $c->request->base, which
    gets used by uri_for().

    Not tested but try something like the following.

    HTH,
    Larry

    Side question: Is namespace::autoclean needed any more?

    ==============================================

    package MyApp;

    use Moose;
    use namespace::autoclean;

    BEGIN { extends 'AL::Catalyst::Base' }

    with 'MyApp::Roles::Catalyst::IsOnlyHTTPS';

    use Catalyst (...);

    ==============================================

    package MyApp::Roles::Catalyst::IsOnlyHTTPS;

    use Moose::Role;
    use namespace::autoclean;

    after 'prepare_path' => sub {
        my $c = shift;

        $c->request->base->scheme('https');

        # Might be necessary to keep request
        # uri in sync with request base?
        # Not sure...
        #
        #$c->request->uri->scheme('https');

        return;
    };

    1;

    ==============================================
  • Tomas Doran at Aug 4, 2011 at 8:45 pm

    On 4 Aug 2011, at 16:57, Larry Leszczynski wrote:

    > Hi Tobias -
    >> Therefore I need to force all generated URIs to be https.
    > If generated URIs means those coming from $c->uri_for() and friends,
    > you should be able the modify the URI scheme in $c->request->base, which
    > gets used by uri_for().
    >
    > Not tested but try something like the following.
    >
    > HTH,
    > Larry
    >
    > Side question: Is namespace::autoclean needed any more?

    define 'needed'?

    It's never 'needed' as long as you never want a 'has' method, and
    you're happy with none of your imports being cleaned up, so all your
    classes are lolcat like in their ability to ->can('has');

    Cheers
    t0m
  • Larry Leszczynski at Aug 4, 2011 at 8:54 pm
    Hi t0m -
    > On 4 Aug 2011, at 16:57, Larry Leszczynski wrote:
    >
    >> Side question: Is namespace::autoclean needed any more?
    > define 'needed'?
    >
    > It's never 'needed' as long as you never want a 'has' method, and
    > you're happy with none of your imports being cleaned up, so all your
    > classes are lolcat like in their ability to ->can('has');
    >
    > Cheers
    > t0m

    Thanks for the clarification - I had seen a fair amount of Moose code
    that did *not* use namespace::autoclean, so wasn't sure if it was
    something that had become automatically enabled or something. I see now
    in the best practices document that it is still recommended:

    http://search.cpan.org/perldoc?Moose::Manual::BestPractices



    Thanks!
    Larry
  • Tomas Doran at Aug 5, 2011 at 7:33 am

    On 4 Aug 2011, at 21:54, Larry Leszczynski wrote:
    > Thanks for the clarification - I had seen a fair amount of Moose code
    > that did *not* use namespace::autoclean,

    If you say:

    package Foo;
    use Moose;

    ... code ...

    no Moose;

    Then you're also fine..

    However if you import stuff from half a dozen modules at the top of
    your file, then you need to un-import all of them, and adding:

    no Moose;
    no Foo;
    no Bar;
    no Baz;

    etc is both a pain in the ass, and likely to be error prone.

    Using namespace::clean or namespace::autoclean just neatly avoids this.

    Cheers
    t0m
  • Tomas Doran at Aug 4, 2011 at 3:44 pm

    On 4 Aug 2011, at 16:18, Tobias Klug wrote:
    > I am looking for a way to configure Catalyst in a way that all URIs
    > generated are forced to use https.

    Add this to your app class:

    around uri_for => sub {
        my ($orig, $ctx, @args) = @_;
        my $uri = $ctx->$orig(@args);
        $uri->secure(1);
        $uri
    };

    Cheers
    t0m
  • Tobias Klug at Aug 4, 2011 at 6:44 pm

    On 04.08.2011 17:44, Tomas Doran wrote:
    > around uri_for => sub { my ($orig, $ctx, @args) = @_; my $uri =
    > $ctx->$orig(@args); $uri->secure(1); $uri };

    Thanks a lot. This solution works like a charm.

    Cheers,

    Tobias
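
Added example, not part of the original thread: the blanket `s/http:/https:/g` substitution next to a host-aware rewrite, to illustrate Ian's objection about external links. The host name `app.example.com`, the sample body and the helper names `rewrite_blanket` and `rewrite_own_host` are constructed for illustration; the only library used is the URI module.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use URI;

# Assumption: the public host name that the TLS-terminating proxy serves.
my $own_host = 'app.example.com';

# Constructed response body: two links to the app itself, one external link.
my $body = <<'HTML';
<a href="http://app.example.com/login">Login</a>
<img src="http://app.example.com/static/logo.png">
<a href="http://www.example.org/docs">External docs</a>
HTML

# Blanket substitution from the thread: rewrites every "http:" it finds,
# including the external link, whose site may not serve https at all.
sub rewrite_blanket {
    my ($html) = @_;
    $html =~ s/http:/https:/g;
    return $html;
}

# Host-aware variant (hypothetical helper): parse each quoted http URI and
# change the scheme only when its host is the application's own.
sub rewrite_own_host {
    my ($html, $host) = @_;
    $html =~ s{(["'])(http://[^"'\s>]+)\1}{
        my ($quote, $raw) = ($1, $2);
        my $uri = URI->new($raw);
        $uri->scheme('https') if lc($uri->host // '') eq lc $host;
        $quote . $uri->as_string . $quote;
    }gex;
    return $html;
}

print "--- blanket ---\n",       rewrite_blanket($body);
print "--- own host only ---\n", rewrite_own_host($body, $own_host);
```

Rewriting the body still leaves `Location` headers and any unquoted URLs untouched, which is why generating the URIs with the right scheme in the first place, as the `uri_for` and `prepare_path` replies do, is the more complete approach.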
