__PACKAGE__->mk_accessors(
qw( params query objects model_class template_args output path
args action template error document_encoding content_type table
- headers_in headers_out stash )
+ headers_in headers_out stash)
);
__PACKAGE__->config( Maypole::Config->new() );
__PACKAGE__->init_done(0);
die "parse_location is a virtual method. Do not use Maypole directly; use Apache::MVC or similar";
}
+sub redirect_internal_request {
+
+}
+
sub send_output {
die "send_output is a virtual method. Do not use Maypole directly; use Apache::MVC or similar";
}
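Review bot: The new `redirect_internal_request` stub has an empty body, so on a front end that does not override it the call returns silently and processing continues as if the redirect had happened. For code that relies on a redirect to move a sensitive form onto https, that fails open. The neighbouring `parse_location` and `send_output` stubs die with a "virtual method" message, and this one should do the same: `die "redirect_internal_request is a virtual method. Do not use Maypole directly; use Apache::MVC or similar";`. The cookbook text added in this commit calls `$r->redirect_request(...)` and `$r->get_protocol()`, neither of which is defined in the lines visible here, so it is worth confirming those names exist and documenting how they relate to this method. `parse_location` begins above the hunk.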
BeerDB->setup("...");
BeerDB::Beer->require;
+=head3 Redirecting to SSL for sensitive information
+
+You have a website with forms that people will be entering sensitive information into,
+such as credit cards or login details. You want to make sure that they aren't sent
+in plain text but over SSL instead.
+
+B<Solution>
+
+The solution is a bit tricky for 2 reasons :
+
+Firstly -- Many browsers and web clients will change a redirected
+POST request into a GET request (which displays all that sensitive information in the
+browser, or access logs and possibly elsewhere) and/or drops the values on the floor.
+
+Secondly -- If somebody has sent that sensitive information in plain text already, then
+sending it again over SSL won't solve the problem.
+
+Redirecting a request is actually rather simple :
+
+$r->redirect_request('https://www.example.com/path'); # perldoc Maypole for API
+
+.. as is checking the protocol :
+
+$r->get_protocol(); # returns 'http' or 'https'
+
+You should check that the action that generates the form that people will enter
+the sensitive information into is https and redirect if not.
+
+You should also check that no information is lost when redirecting, possibly by
+storing it in a session and retrieving it later - see Maypole::Plugin::Session
+
=head3 Debugging with the command line
You're seeing bizarre problems with Maypole output, and you want to test it in