Adds support for forcing a user's connection to HTTPS if they're loading only the HTTP version of a given URL.
Call the supplied forceHttps() initializer method from your controller's init() method.
forceHttps( [ string environments, string only, string except ] )
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
environment |
string | No | [empty string] |
List of environments in which to force the HTTPS connection. This is useful if you do not have SSL
configured in your design and development environments, for example. This
argument is aliased as environment if you want to use it for readability when specifying
only one environment.
|
only |
string | No | [empty string] |
Similar to the only argument for filters(), this allows you to specify a list
of actions to only run the forced HTTPS on.
|
except |
string | No | [empty string] |
Similar to the except argument for filters(), this allows you to specify a
list of actions to exclude the forced HTTPS from running on.
|
Note: This plugin stores configuration information for each controller in the application scope. If you change the
environments argument in your call to forceHttps(), you'll need to reload your CFWheels application to see the
changes take place.
In controllers/Controller.cfc, add this call:
<cfcomponent extends="Wheels">
<cffunction name="init">
<cfset forceHttps()>
</cffunction>
</cfcomponent>
Now all other controller files that extend Controller will force an HTTPS connection on the client.
If we wanted HTTPS only to be enforced in our maintenance and production environments, we can use the environments
argument like so:
<cfset forceHttps(environments="maintenance,production")>
Let's say that we want for our index action in a given controller to not force HTTPS:
<cfset forceHttps(except="index", environments="maintenance,production")>
Or perhaps we only want HTTPS to be forced on our create and update actions:
<cfset forceHttps(only="create,update", environments="maintenance,production")>
You can add arguments to the init() method in your controller to allow for exceptions for your forced HTTP connection.
The file at controllers/Controller.cfc would look something like this:
<cfcomponent extends="Wheels">
<cffunction name="init">
<cfargument name="forceHttpsExcept" type="string" required="false" default="">
<cfargument name="forceHttpsOnly" type="string" required="false" default="">
<cfset forceHttps(except=arguments.forceHttpsExcept, only=arguments.forceHttpsOnly, environments="maintenance,production")>
</cffunction>
</cfcomponent>
Then let's say, for example, that we want for the index action in our main controller to not force HTTPS. The
main controller would take advantage of these extra arguments when calling its parent contructor:
<cfcomponent extends="Controller">
<cffunction name="init">
<cfset super.init(forceHttpsExcept="index")>
</cffunction>
</cfcomponent>
That way other controllers can also extend the parent constructor without having the same constraints as the main
controller.
Here's an example users controller that wouldn't pass on any exceptions:
<cfcomponent extends="Controller">
<cffunction name="init">
<cfset super.init()>
</cffunction>
</cfcomponent>
This plugin was created by Chris Peters with support from Liquifusion Studios.