From df4f8810c5e30add875b8f53688679e33431f02f Mon Sep 17 00:00:00 2001
From: Julian Herrero
Date: Wed, 30 Oct 2019 20:17:39 +0700
Subject: [PATCH] Define `force_ssl` configuration in secrets file

this is usually configured in the production.rb file (which is under version control), the natural place to configure it is the secrets.yml file. Until now we were using the capistrano shared folder, but that's a bit inconvenient since changes we've done to the production.rb file (like changing eager_load_paths when we upgraded to Rails 5) won't take effect after a deployment.
---
 config/environments/preproduction.rb | 3 ++-
 config/environments/production.rb | 3 ++-
 config/environments/staging.rb | 3 ++-
 config/secrets.yml.example | 3 +++
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/config/environments/preproduction.rb b/config/environments/preproduction.rb
index 17e1b9439..39c060f13 100644
--- a/config/environments/preproduction.rb
+++ b/config/environments/preproduction.rb
@@ -47,7 +47,8 @@ Rails.application.configure do
 # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX

 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- config.force_ssl = true
+ # Configure force_ssl in secrets.yml
+ config.force_ssl = Rails.application.secrets.force_ssl

 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 245973eb9..707331124 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -49,7 +49,8 @@ Rails.application.configure do
 # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]

 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- config.force_ssl = true
+ # Configure force_ssl in secrets.yml
+ config.force_ssl = Rails.application.secrets.force_ssl

 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index 65a15f2b5..f47529f64 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -47,7 +47,8 @@ Rails.application.configure do
 # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX

 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- config.force_ssl = true
+ # Configure force_ssl in secrets.yml
+ config.force_ssl = Rails.application.secrets.force_ssl

 # Use the lowest log level to ensure availability of diagnostic information
 # when problems arise.
diff --git a/config/secrets.yml.example b/config/secrets.yml.example
index d0c896c0f..05870b09d 100644
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -32,6 +32,7 @@ test:
 staging:
 secret_key_base: ""
 server_name: ""
+ force_ssl: true
 rollbar_server_token: ""
 http_basic_username: ""
 http_basic_password: ""
@@ -53,6 +54,7 @@ preproduction:
 # password: ""
 # authentication: "plain"
 # enable_starttls_auto: true
+ force_ssl: true
 rollbar_server_token: ""
 http_basic_username: ""
 http_basic_password: ""
@@ -79,6 +81,7 @@ production:
 # password: ""
 # authentication: "plain"
 # enable_starttls_auto: true
+ force_ssl: true
 rollbar_server_token: ""
 http_basic_username: ""
 http_basic_password: ""
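Review bot: `Rails.application.secrets.force_ssl` evaluates to `nil` when a deployment's secrets.yml has no `force_ssl` key, so on the new `config.force_ssl = ...` line in production.rb an existing install that deploys this commit without editing its secrets file silently loses the HTTPS redirect, the Strict-Transport-Security header and secure cookies. The setting should fail closed, for example `config.force_ssl = Rails.application.secrets.fetch(:force_ssl, true)`, so that only an explicit `force_ssl: false` turns it off. The same line is added in the preproduction.rb and staging.rb hunks and needs the same default. The enclosing `Rails.application.configure do` block starts and ends outside the hunk.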