forked from fedi/mastodon
Move force_ssl check to production config (#2165)
The force_ssl method from controllers does not add all of the options that the sitewide configuration in a config block does. For example, HSTS enforcement is not added by the controller method, but is added by this style.
This commit is contained in:
parent
1646ca75f0
commit
ee82d8a876
|
@ -5,8 +5,6 @@ class ApplicationController < ActionController::Base
|
||||||
# For APIs, you may want to use :null_session instead.
|
# For APIs, you may want to use :null_session instead.
|
||||||
protect_from_forgery with: :exception
|
protect_from_forgery with: :exception
|
||||||
|
|
||||||
force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
|
|
||||||
|
|
||||||
include Localized
|
include Localized
|
||||||
|
|
||||||
helper_method :current_account
|
helper_method :current_account
|
||||||
|
|
|
@ -108,6 +108,7 @@ Rails.application.configure do
|
||||||
|
|
||||||
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
|
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
|
||||||
|
|
||||||
|
config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
|
||||||
|
|
||||||
config.react.variant = :production
|
config.react.variant = :production
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue