add option to force ssl

2018-08-02 14:58:20 -04:00 · 2018-08-02 14:58:20 -04:00 · f0610f363d
parent 8ff0018eac
commit f0610f363d
1 changed files with 4 additions and 1 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -42,7 +42,10 @@ Rails.application.configure do
  # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]

  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = (ENV["ENABLE_SSL"] == "true")
+
+  # Force SSL for loadbalancer configurations.
+  config.force_ssl = true if ENV["LOADBALANCER_ENDPOINT"].present? && ENV["LOADBALANCER_SECRET"].present?

  # Use the lowest log level to ensure availability of diagnostic information
  # when problems arise.