Return force_ssl to the controller (#2380)

8 years ago · a0dd90a397
parent 1e2a5dded7
commit a0dd90a397
2 changed files with 6 additions and 8 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -5,6 +5,8 @@ class ApplicationController < ActionController::Base
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

+  force_ssl if: :https_enabled?
+
  include Localized

  helper_method :current_account
@ -24,6 +26,10 @@ class ApplicationController < ActionController::Base

  private

+  def https_enabled?
+    Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'
+  end
+
  def store_current_location
    store_location_for(:user, request.url)
  end
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -35,14 +35,6 @@ Rails.application.configure do
  # Allow to specify public IP of reverse proxy if it's needed
  config.action_dispatch.trusted_proxies = [IPAddr.new(ENV['TRUSTED_PROXY_IP'])] unless ENV['TRUSTED_PROXY_IP'].blank?

-  # When LOCAL_HTTPS is set, force traffic over SSL
-  config.force_ssl = (ENV['LOCAL_HTTPS'] == 'true')
-
-  # When ENABLE_HSTS is also set, turn on Strict-Transport-Security
-  config.ssl_options = {
-    hsts: (ENV['ENABLE_HSTS'] == 'true')
-  }
-
  # By default, use the lowest log level to ensure availability of diagnostic information
  # when problems arise.
  config.log_level = ENV.fetch('RAILS_LOG_LEVEL', 'info').to_sym