A new dancer plugin.
Hi all,

Yesterday I wrote a new Dancer plugin to redirect all incoming requests to https, inspired by flask-sslify. The project was renamed so as not to confuse users, thanks to mst for the advice. I hope the code looks fine and is useful.

Dancer::Plugin::RequireSSL also provides your application with an HSTS policy.

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

By default hsts_age is set to one year (31536000 seconds). It can also include subdomains in your HSTS policy; by default this is false.

To configure the plugin:

    RequireSSL:
        hsts_age: 31536000
        hsts_include_subdomains: 0

In your config.yml.

Regards

--
\0/ Hobbestigrou
site web: erakis.im

Hi, looks good, but I think you have a little bug in these lines in sub _set_hsts_header:

    sub _set_hsts_header {
        my $settings = plugin_setting;
        my $hsts_age = $settings->{hsts_age} // 31536000;
        my $subdomains = $settings->{hsts_include_subdomains} // 0;

There should be '||' in place of '//':

    my $hsts_age = $settings->{hsts_age} || 31536000;
    my $subdomains = $settings->{hsts_include_subdomains} || 0;

------------ Original message ------------
From: Natal Ngétal <hobbestigrou@erakis.im>
Subject: [Dancer-users] A new dancer plugin.
Date: 13.5.2012 16:01:36
----------------------------------------
> Hi all,
>
> Yesterday I wrote a new Dancer plugin to redirect all incoming requests to https, inspired by flask-sslify. The project was renamed so as not to confuse users, thanks to mst for the advice. I hope the code looks fine and is useful.
>
> Dancer::Plugin::RequireSSL also provides your application with an HSTS policy.
>
> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>
> By default hsts_age is set to one year (31536000 seconds). It can also include subdomains in your HSTS policy; by default this is false.
>
> To configure the plugin:
>
>     RequireSSL:
>         hsts_age: 31536000
>         hsts_include_subdomains: 0
>
> In your config.yml.
>
> Regards
>
> --
> \0/ Hobbestigrou
> site web: erakis.im

On May 13, 2012, at 12:34 PM, igor.bujna@post.cz wrote:
> Hi, looks good, but I think you have a little bug in these lines in sub _set_hsts_header:
>
>     sub _set_hsts_header {
>         my $settings = plugin_setting;
>         my $hsts_age = $settings->{hsts_age} // 31536000;
>         my $subdomains = $settings->{hsts_include_subdomains} // 0;
>
> There should be '||' in place of '//':
>
>     my $hsts_age = $settings->{hsts_age} || 31536000;
>     my $subdomains = $settings->{hsts_include_subdomains} || 0;

Not necessarily...

C-style Logical Defined-Or

Although it has no direct equivalent in C, Perl's // operator is related to its C-style or. In fact, it's exactly the same as ||, except that it tests the left hand side's definedness instead of its truth. Thus, $a // $b is similar to defined($a) || $b (except that it returns the value of $a rather than the value of defined($a)) and yields the same result as defined($a) ? $a : $b (except that the ternary-operator form can be used as a lvalue, while $a // $b cannot). This is very useful for providing default values for variables. If you actually want to test if at least one of $a and $b is defined, use defined($a // $b)

http://perldoc.perl.org/perlop.html#Operator-Precedence-and-Associativity

On Sun, 13 May 2012 19:34:28 +0200 (CEST) igor.bujna@post.cz wrote:
> Hi, looks good, but I think you have a little bug in these lines in sub _set_hsts_header:
>
>     sub _set_hsts_header {
>         my $settings = plugin_setting;
>         my $hsts_age = $settings->{hsts_age} // 31536000;
>         my $subdomains = $settings->{hsts_include_subdomains} // 0;
>
> There should be '||' in place of '//':
>
>     my $hsts_age = $settings->{hsts_age} || 31536000;
>     my $subdomains = $settings->{hsts_include_subdomains} || 0;

the // instead of || tests for definedness rather than truth.

Your version means that, if you set hsts_age to 0 in the config, the default of a year would be used instead - that's quite probably not desirable.

I believe defined-or was introduced in 5.10, though, and the plugin doesn't include 'use 5.010' or similar, so I imagine there will be failures on < 5.8 perls.

--
David Precious ("bigpresh") <davidp@preshweb.co.uk>
http://www.preshweb.co.uk/
www.preshweb.co.uk/twitter www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook www.preshweb.co.uk/cpan www.preshweb.co.uk/github

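The difference discussed in the replies above, as an added example that is not part of any message and is not the plugin's code (the helper names and the sample settings are constructed here). It computes the same defaults with //, with ||, and with a defined test that also works before Perl 5.10. The case hsts_age: 0 matters for HSTS because max-age=0 is a meaningful value: it tells the browser to stop treating the host as an HSTS host.

```perl
use 5.010;    # the // (defined-or) operator needs Perl 5.10 or later
use strict;
use warnings;

# Hypothetical helpers, not the plugin's code: build the
# Strict-Transport-Security value from a settings hash.
sub hsts_value {
    my ($age, $subdomains) = @_;
    my $value = "max-age=$age";
    $value .= '; includeSubDomains' if $subdomains;
    return $value;
}

# Defined-or: the default applies only when the key is missing or undef.
sub with_defined_or {
    my ($s) = @_;
    return hsts_value($s->{hsts_age} // 31536000,
                      $s->{hsts_include_subdomains} // 0);
}

# Logical-or: the default also replaces any false value, including 0.
sub with_logical_or {
    my ($s) = @_;
    return hsts_value($s->{hsts_age} || 31536000,
                      $s->{hsts_include_subdomains} || 0);
}

# Same result as defined-or, written so it also compiles before 5.10
# (on such a perl, drop the 'use 5.010' line and with_defined_or).
sub with_defined_test {
    my ($s) = @_;
    my $age = defined $s->{hsts_age} ? $s->{hsts_age} : 31536000;
    return hsts_value($age, $s->{hsts_include_subdomains} ? 1 : 0);
}

# Constructed sample settings, as they would be read from config.yml.
my @cases = (
    [ 'hsts_age not set'       => {} ],
    [ 'hsts_age: 0'            => { hsts_age => 0 } ],
    [ 'hsts_age: 300 + subdom' => { hsts_age => 300, hsts_include_subdomains => 1 } ],
);

for my $case (@cases) {
    my ($label, $s) = @$case;
    say $label;
    say "  //      : ", with_defined_or($s);
    say "  ||      : ", with_logical_or($s);
    say "  defined : ", with_defined_test($s);
}
```

Only the || variant turns a configured hsts_age of 0 into the one-year default; the other two keep max-age=0.
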
2012/5/13 David Precious <davidp@preshweb.co.uk>:
> the // instead of || tests for definedness rather than truth.

Thank you all for the feedback.

> Your version means that, if you set hsts_age to 0 in the config, the default of a year would be used instead - that's quite probably not desirable.

Maybe yes, 0 is not desirable, I must test that.

> I believe defined-or was introduced in 5.10, though, and the plugin doesn't include 'use 5.010' or similar, so I imagine there will be failures on < 5.8 perls.

Ok, I'm going to fix that in the next release, sorry.

-- \0/ Hobbestigrou site web: erakis.im

participants (4)
- David Precious
- igor.bujna@post.cz
- Natal Ngétal
- Puneet Kishor