[Dancer-users] ssl questions

franck franck at lumberjaph.net
Tue May 31 17:26:24 CEST 2011


Hi Brian

On Tue, May 31, 2011 at 5:07 PM, Brian E. Lozier <brian at massassi.com> wrote:

> I have set up my dancer app using plackup and behind nginx.  I have
> set up nginx to accept traffic on either port 80 or 443 (https,
> encrypted).  I want to ensure that the /login/ route is never accessed
> over port 80, only over https.  To do this, I think I need to have a
> check at the top of the route to see if SSL is on and forward to 443
> if not.  Then after login is completed I want to forward them back to
> the unencrypted area.  I've done this before under mod_perl
> (non-Dancer app), but I'm not quite sure how this should work in my
> current situation.
>
> Under mod_perl I believe I had an environment variable I could check
> to see if the connection was "SECURE" but now the connection is
> *never* secure between nginx and my dancer app right?  My
> understanding is that the connection between the user and the nginx is
> secure, but nginx decrypts everything before forwarding to my dancer
> app right?  Is this a security risk?
>
> I dumped Dancer::Request and didn't see anything that will allow me to
> find out if I'm under https.
>

you can call request->secure, which returns 1 if it's using HTTPS, else 0.

For the first part of your question, I don't have time right now to think
about the proposer solution, I'll try to reply later this evening if no one
else has a solution for you :)


>
> Thanks,
> Brian
> _______________________________________________
> Dancer-users mailing list
> Dancer-users at perldancer.org
> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
>



-- 

franck cuny

http://lumberjaph.net - http://github.com/franckcuny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.backup-manager.org/pipermail/dancer-users/attachments/20110531/7dfe93e4/attachment.htm>


More information about the Dancer-users mailing list