Hi Brian On Tue, May 31, 2011 at 5:07 PM, Brian E. Lozier <brian@massassi.com> wrote:
I have set up my dancer app using plackup and behind nginx. I have set up nginx to accept traffic on either port 80 or 443 (https, encrypted). I want to ensure that the /login/ route is never accessed over port 80, only over https. To do this, I think I need to have a check at the top of the route to see if SSL is on and forward to 443 if not. Then after login is completed I want to forward them back to the unencrypted area. I've done this before under mod_perl (non-Dancer app), but I'm not quite sure how this should work in my current situation.
Under mod_perl I believe I had an environment variable I could check to see if the connection was "SECURE" but now the connection is *never* secure between nginx and my dancer app right? My understanding is that the connection between the user and the nginx is secure, but nginx decrypts everything before forwarding to my dancer app right? Is this a security risk?
I dumped Dancer::Request and didn't see anything that will allow me to find out if I'm under https.
you can call request->secure, which returns 1 if it's using HTTPS, else 0. For the first part of your question, I don't have time right now to think about the proposer solution, I'll try to reply later this evening if no one else has a solution for you :)
Thanks, Brian _______________________________________________ Dancer-users mailing list Dancer-users@perldancer.org http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
-- franck cuny http://lumberjaph.net - http://github.com/franckcuny