On Tue, May 31, 2011 at 5:07 PM, Brian E. Lozier
<brian@massassi.com> wrote:
I have set up my dancer app using plackup and behind nginx. I have
set up nginx to accept traffic on either port 80 or 443 (https,
encrypted). I want to ensure that the /login/ route is never accessed
over port 80, only over https. To do this, I think I need to have a
check at the top of the route to see if SSL is on and forward to 443
if not. Then after login is completed I want to forward them back to
the unencrypted area. I've done this before under mod_perl
(non-Dancer app), but I'm not quite sure how this should work in my
current situation.
Under mod_perl I believe I had an environment variable I could check
to see if the connection was "SECURE" but now the connection is
*never* secure between nginx and my dancer app right? My
understanding is that the connection between the user and the nginx is
secure, but nginx decrypts everything before forwarding to my dancer
app right? Is this a security risk?
I dumped Dancer::Request and didn't see anything that will allow me to
find out if I'm under https.
you can call request->secure, which returns 1 if it's using HTTPS, else 0.
For the first part of your question, I don't have time right now to think about the proposer solution, I'll try to reply later this evening if no one else has a solution for you :)
Thanks,
Brian
_______________________________________________
Dancer-users mailing list
Dancer-users@perldancer.org
http://www.backup-manager.org/cgi-bin/listinfo/dancer-users