diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b10fa977e74..91f76d311b7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,6 +3,8 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + force_ssl if: "ENV['LOCAL_HTTPS'] == 'true'" + # Profiling before_action do if (current_user && current_user.admin?) || Rails.env == 'development' diff --git a/config/environments/production.rb b/config/environments/production.rb index 4c4ed760c61..09b77654f33 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -32,7 +32,7 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = ENV['LOCAL_HTTPS'] == 'true' + config.force_ssl = false # Use the lowest log level to ensure availability of diagnostic information # when problems arise.