commit: a0dd90a397648efafd5b2ff3383c1894ad5acac6
parent: 1e2a5dded749649c3e8fe9e6dc6be5d516cca35a
Author: Matt Jankowski <mjankowski@thoughtbot.com>
Date: Sun, 23 Apr 2017 20:44:05 -0400
Return force_ssl to the controller (#2380)
Diffstat:
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
+ force_ssl if: :https_enabled?
+
include Localized
helper_method :current_account
@@ -24,6 +26,10 @@ class ApplicationController < ActionController::Base
private
+ def https_enabled?
+ Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'
+ end
+
def store_current_location
store_location_for(:user, request.url)
end
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -35,14 +35,6 @@ Rails.application.configure do
# Allow to specify public IP of reverse proxy if it's needed
config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?
- # When LOCAL_HTTPS is set, force traffic over SSL
- config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
-
- # When ENABLE_HSTS is also set, turn on Strict-Transport-Security
- config.ssl_options = {
- hsts: (ENV['ENABLE_HSTS'] == 'true')
- }
-
# By default, use the lowest log level to ensure availability of diagnostic information
# when problems arise.
config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym