sfSslRequirementPlugin - 1.2.0

SSL encryption plugin.

You are currently browsing
the website for symfony 1

Visit the Symfony2 website


« Back to the Plugins Home

Signin


Forgot your password?
Create an account

Tools

Stats

advanced search
Information Readme Releases Changelog Contribute
Show source | Show as Markdown

sfSslRequirement plugin

The sfSslRequirement is a symfony plugin that provides SSL encryption support for your module actions.

It gives you 2 new security settings: require_ssl and allow_ssl. The plugin also adds 2 new sfAction methods: ->sslRequired() and ->sslAllowed().

Logic

As of version 1.2.0:

  • only execute once per request and SF_ENVIRONMENT in one of the environments configured in app_disable_sslfilter
  • if not posting
    • if secured
    • then check if its allowed else redirect from https to http
    • else if secured required redirect from http to https

Until version including version 1.1:

  • If an action is secured with the require_ssl, then all HTTP requests will be redirected to the same action but with the HTTPS protocol.

  • If an action is secured and allow_ssl is false, then all HTTPS request will be redirected to HTTP.

Installation

  • Install the plugin

    symfony plugin-install http://plugins.symfony-project.com/sfSslRequirementPlugin
    
  • Activate the filter in your filters.yml

    sfSslRequirement:
      class: sfSslRequirementFilter
    
  • Clear your cache

    symfony cc
    

Secure your application

To force SSL on an action:

  • Add the following snippet to the module security.yml:

    sslAction:
      require_ssl: true
    
  • You're done. Now, if you try to access the sslAction with HTTP, you will be automatically redirected to HTTPS.

  • The sslAction listed here is an example. Substitute with your actual action name.