From 154a3d79ee2206673c7cddb3979e1e382e0e01db Mon Sep 17 00:00:00 2001 From: Kevin McConnell Date: Thu, 11 Dec 2025 15:47:05 +0000 Subject: [PATCH] Add `DSIABLE_SSL` env option `assume_ssl` and `force_ssl` are often used together: - When running behind a terminating proxy (including Thruster) you'll want both. - When running without SSL (like on localhost) you'll want neither. To simplify setup for those cases, we add the `DISABLE_SSL` option. When set to `true` all SSL-related behaviour is turned off. When left as the default, it's on. We can still use `ASSUME_SSL` and `FORCE_SSL` to set those separately if required. --- config/environments/production.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 6398d14d0..031c9d2cb 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -60,12 +60,15 @@ Rails.application.configure do # config.action_cable.url = "wss://example.com/cable" # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] + # Set DISABLE_SSL=true to disable all SSL options, rather than specify each individually + ssl_enabled = "true" unless ENV["DISABLE_SSL"] == "true" + # Assume all access to the app is happening through a SSL-terminating reverse proxy. # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. - config.assume_ssl = ENV.fetch("ASSUME_SSL", "true") == "true" + config.assume_ssl = ENV.fetch("ASSUME_SSL", ssl_enabled) == "true" # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = ENV.fetch("FORCE_SSL", "true") == "true" + config.force_ssl = ENV.fetch("FORCE_SSL", ssl_enabled) == "true" # Log to STDOUT by default config.logger = ActiveSupport::Logger.new(STDOUT)