Add force_ssl, now that we have the right headers

puzzle · Dec 29, 2023 · 474a5d7 · 474a5d7
1 parent 36f281d
commit 474a5d7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -4,6 +4,8 @@
   # Code is not reloaded between requests.
   config.cache_classes = true
 
+  config.force_ssl = true
+
   # Eager load code on boot. This eager loads most of Rails and
   # your application in memory, allowing both threaded web servers
   # and those relying on copy on write to perform better.

diff --git a/config/initializers/decidim.rb b/config/initializers/decidim.rb
@@ -69,7 +69,7 @@
   config.currency_unit = "CHF"
 
   # Disable the default redirect to https, since we use nginx for ssl termination
-  config.force_ssl = false
+  # config.force_ssl = false
 
   # The number of reports which an object can receive before hiding it
   # config.max_reports_before_hiding = 3