Make HSTS enable optional with force_ssl (#2364)
parent
1244630ab4
commit
57cd6546c3
1 changed files with 7 additions and 4 deletions
|
@ -35,8 +35,13 @@ Rails.application.configure do
|
||||||
# Allow to specify public IP of reverse proxy if it's needed
|
# Allow to specify public IP of reverse proxy if it's needed
|
||||||
config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?
|
config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?
|
||||||
|
|
||||||
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
# When LOCAL_HTTPS is set, force traffic over SSL
|
||||||
config.force_ssl = false
|
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
|
||||||
|
|
||||||
|
# When ENABLE_HSTS is also set, turn on Strict-Transport-Security
|
||||||
|
config.ssl_options = {
|
||||||
|
hsts: (ENV['ENABLE_HSTS'] == 'true')
|
||||||
|
}
|
||||||
|
|
||||||
# By default, use the lowest log level to ensure availability of diagnostic information
|
# By default, use the lowest log level to ensure availability of diagnostic information
|
||||||
# when problems arise.
|
# when problems arise.
|
||||||
|
@ -108,8 +113,6 @@ Rails.application.configure do
|
||||||
|
|
||||||
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
|
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
|
||||||
|
|
||||||
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
|
|
||||||
|
|
||||||
config.react.variant = :production
|
config.react.variant = :production
|
||||||
|
|
||||||
config.to_prepare do
|
config.to_prepare do
|
||||||
|
|
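Review bot: With `LOCAL_HTTPS=true` and `ENABLE_HSTS` unset, the new `config.ssl_options = { hsts: (ENV['ENABLE_HSTS'] == 'true') }` passes `hsts: false`, so deployments that previously got Strict-Transport-Security from `force_ssl` alone lose it on upgrade unless they set a new variable. As far as I know, ActionDispatch::SSL in Rails 5 and later answers `hsts: false` with a `max-age=0` header, which also clears the policy browsers have already stored, so the downgrade is active rather than passive; please confirm against the Rails version this app pins. Consider keeping HSTS on by default and making the variable an opt-out, `hsts: (ENV.fetch('ENABLE_HSTS', 'true') == 'true')`, and extend the comment to say that with HSTS off a plain-HTTP request is only redirected, not prevented by the browser. The enclosing `Rails.application.configure do` block starts and ends outside the visible hunks.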