Return force_ssl to the controller (#2380)

lolsob-rspec
Matt Jankowski 2017-04-23 20:44:05 -04:00 committed by Eugen
parent 6c38483bdf
commit f93d4d340d
2 changed files with 6 additions and 8 deletions


@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
# For APIs, you may want to use :null_session instead. # For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception protect_from_forgery with: :exception
force_ssl if: :https_enabled?
include Localized include Localized
helper_method :current_account helper_method :current_account
@ -24,6 +26,10 @@ class ApplicationController < ActionController::Base
private private
def https_enabled?
Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'
end
def store_current_location def store_current_location
store_location_for(:user, request.url) store_location_for(:user, request.url)
end end
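Review bot: `force_ssl if: :https_enabled?` only issues a redirect, so with `config.force_ssl` and `config.ssl_options` removed in the second file the app itself no longer sends Strict-Transport-Security or marks its cookies Secure, and `ENABLE_HSTS` is no longer read anywhere in the visible code. The redirect also covers only requests that reach a controller derived from `ApplicationController`; anything answered earlier in the Rack stack is presumably no longer upgraded to HTTPS. If the move is meant to stay, the header and the cookie flag need to be set somewhere else (for example at the reverse proxy), and the predicate should say so, e.g. `# Redirect only: no HSTS header, no Secure cookie flag (the ActionDispatch::SSL middleware set both)` above `def https_enabled?`. The class body continues outside both hunks.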


@ -35,14 +35,6 @@ Rails.application.configure do
# Allow to specify public IP of reverse proxy if it's needed # Allow to specify public IP of reverse proxy if it's needed
config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank? config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?
# When LOCAL_HTTPS is set, force traffic over SSL
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
# When ENABLE_HSTS is also set, turn on Strict-Transport-Security
config.ssl_options = {
hsts: (ENV['ENABLE_HSTS'] == 'true')
}
# By default, use the lowest log level to ensure availability of diagnostic information # By default, use the lowest log level to ensure availability of diagnostic information
# when problems arise. # when problems arise.
config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym