Return force_ssl to the controller (#2380)
parent
1e2a5dded7
commit
a0dd90a397
|
@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
|
|||
# For APIs, you may want to use :null_session instead.
|
||||
protect_from_forgery with: :exception
|
||||
|
||||
force_ssl if: :https_enabled?
|
||||
|
||||
include Localized
|
||||
|
||||
helper_method :current_account
|
||||
|
@ -24,6 +26,10 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
private
|
||||
|
||||
def https_enabled?
|
||||
Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'
|
||||
end
|
||||
|
||||
def store_current_location
|
||||
store_location_for(:user, request.url)
|
||||
end
|
||||
|
|
|
@ -35,14 +35,6 @@ Rails.application.configure do
|
|||
# Allow to specify public IP of reverse proxy if it's needed
|
||||
config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?
|
||||
|
||||
# When LOCAL_HTTPS is set, force traffic over SSL
|
||||
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
|
||||
|
||||
# When ENABLE_HSTS is also set, turn on Strict-Transport-Security
|
||||
config.ssl_options = {
|
||||
hsts: (ENV['ENABLE_HSTS'] == 'true')
|
||||
}
|
||||
|
||||
# By default, use the lowest log level to ensure availability of diagnostic information
|
||||
# when problems arise.
|
||||
config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym
|
||||
|
|
Reference in New Issue