forked from isleshocky77/sfSslRequirementPlugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
50 lines (33 loc) · 1.23 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
= sfSslRequirement plugin (for symfony 1.1) =
The `sfSslRequirement` is a symfony plugin that provides SSL encryption support for your module actions.
It gives you 2 new security settings: `require_ssl` and `allow_ssl`.
The plugin also adds 2 new `sfAction` methods: `->sslRequired()` and `->sslAllowed()`.
== Logic ==
Only execute once per request and SF_ENVIRONMENT in one of the environments configured in app_disable_sslfilter
* if not posting
* if secured
* then check if its allowed else redirect from https to http
* else if secured required redirect from http to https
== Installation ==
* Install the plugin
{{{
symfony plugin:install symfony/sfSslRequirementPlugin
}}}
* Activate the filter in your `filters.yml`
{{{
sfSslRequirement:
class: sfSslRequirementFilter
}}}
* Clear your cache
{{{
symfony cc
}}}
=== Secure your application ===
To force SSL on an action:
* Add the following snippet to the module `security.yml`:
{{{
sslAction:
require_ssl: true
}}}
* You're done. Now, if you try to access the `sslAction` with HTTP, you will be automatically redirected to HTTPS.
* The `sslAction` listed here is an example. Substitute with your actual action name.