commit: ee82d8a8761f0bedc97f5e79565b7c5142c1b8bd
parent: 1646ca75f02f21e058d11885edd4ae9b5d7ff8cd
Author: Matt Jankowski <mjankowski@thoughtbot.com>
Date: Sat, 22 Apr 2017 22:22:22 -0400
Move force_ssl check to production config (#2165)
The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
Diffstat:
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -5,8 +5,6 @@ class ApplicationController < ActionController::Base
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
- force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
-
include Localized
helper_method :current_account
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -108,6 +108,7 @@ Rails.application.configure do
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
+ config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
config.react.variant = :production