Add DSIABLE_SSL env option

`assume_ssl` and `force_ssl` are often used together:

- When running behind a terminating proxy (including Thruster) you'll
  want both.
- When running without SSL (like on localhost) you'll want neither.

To simplify setup for those cases, we add the `DISABLE_SSL` option. When
set to `true` all SSL-related behaviour is turned off. When left as the
default, it's on.

We can still use `ASSUME_SSL` and `FORCE_SSL` to set those separately
if required.
This commit is contained in:
Kevin McConnell
2025-12-11 15:47:05 +00:00
parent ddf4d2454d
commit 154a3d79ee
+5 -2
View File
@@ -60,12 +60,15 @@ Rails.application.configure do
# config.action_cable.url = "wss://example.com/cable"
# config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
# Set DISABLE_SSL=true to disable all SSL options, rather than specify each individually
ssl_enabled = "true" unless ENV["DISABLE_SSL"] == "true"
# Assume all access to the app is happening through a SSL-terminating reverse proxy.
# Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
config.assume_ssl = ENV.fetch("ASSUME_SSL", "true") == "true"
config.assume_ssl = ENV.fetch("ASSUME_SSL", ssl_enabled) == "true"
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = ENV.fetch("FORCE_SSL", "true") == "true"
config.force_ssl = ENV.fetch("FORCE_SSL", ssl_enabled) == "true"
# Log to STDOUT by default
config.logger = ActiveSupport::Logger.new(STDOUT)