diff --git a/config/environments/production.rb b/config/environments/production.rb index 6398d14d0..031c9d2cb 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -60,12 +60,15 @@ Rails.application.configure do # config.action_cable.url = "wss://example.com/cable" # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] + # Set DISABLE_SSL=true to disable all SSL options, rather than specify each individually + ssl_enabled = "true" unless ENV["DISABLE_SSL"] == "true" + # Assume all access to the app is happening through a SSL-terminating reverse proxy. # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. - config.assume_ssl = ENV.fetch("ASSUME_SSL", "true") == "true" + config.assume_ssl = ENV.fetch("ASSUME_SSL", ssl_enabled) == "true" # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = ENV.fetch("FORCE_SSL", "true") == "true" + config.force_ssl = ENV.fetch("FORCE_SSL", ssl_enabled) == "true" # Log to STDOUT by default config.logger = ActiveSupport::Logger.new(STDOUT)