From 047fb0acb1c279972e532e0bb76cb30d0f4e71af Mon Sep 17 00:00:00 2001 From: Heiner Wohner Date: Mon, 22 Jan 2018 14:43:04 +0100 Subject: [PATCH] Makes force_ssl configurable --- config/environments/production.rb | 2 +- config/site.yml.tmpl | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 03085a62..99d6fcff 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -42,7 +42,7 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - # config.force_ssl = true + config.force_ssl = SITE_CONFIG['force_ssl'] # Use the lowest log level to ensure availability of diagnostic information # when problems arise. diff --git a/config/site.yml.tmpl b/config/site.yml.tmpl index 3bf0d91f..362c8ef6 100644 --- a/config/site.yml.tmpl +++ b/config/site.yml.tmpl @@ -25,6 +25,9 @@ secure_cookies: false # secret_token: "change-me" +# Set to true when your application is running with https +force_ssl: false + # Configure how static assets (images, stylesheets, etc.) will be served. # The best practice is to have a proxying web server such as Apache or Nginx # serve static assets (images, stylesheets, javascript) for you. Change