diff options
| author | Matt Jankowski <mjankowski@thoughtbot.com> | 2017-04-22 22:22:22 -0400 |
|---|---|---|
| committer | Eugen <eugen@zeonfederated.com> | 2017-04-23 04:22:22 +0200 |
| commit | ee82d8a8761f0bedc97f5e79565b7c5142c1b8bd (patch) | |
| tree | 464a5df6d532e09a4439d059c34c3bb11e4981ce /app/controllers/application_controller.rb | |
| parent | 1646ca75f02f21e058d11885edd4ae9b5d7ff8cd (diff) | |
Move force_ssl check to production config (#2165)
The force_ssl method from controllers does not add all of the options that the sitewide configuration in a config block does. For example, HSTS enforcement is not added by the controller method, but is added by this style.
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index a1b9b985c..92755bcd3 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,8 +5,6 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception - force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'" - include Localized helper_method :current_account |