Move force_ssl check to production config (#2165)

The force_ssl method from controllers does not add all of the options that the
sitewide configuration in a config block does. For example, HSTS enforcement is
not added by the controller method, but is added by this style.
signup-info-prompt
Matt Jankowski 2017-04-22 22:22:22 -04:00 committed by Eugen
parent 1646ca75f0
commit ee82d8a876
2 changed files with 1 additions and 2 deletions

View File

@ -5,8 +5,6 @@ class ApplicationController < ActionController::Base
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception protect_from_forgery with: :exception
force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
include Localized include Localized
helper_method :current_account helper_method :current_account

View File

@ -108,6 +108,7 @@ Rails.application.configure do
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
config.react.variant = :production config.react.variant = :production