From 8459acd1234e9efcbf106e3eaa00ca871717d386 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 18 Aug 2016 17:48:57 +0200 Subject: Fix for force SSL issue with websockets --- app/controllers/application_controller.rb | 2 ++ config/environments/production.rb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b10fa977e..91f76d311 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -3,6 +3,8 @@ class ApplicationController < ActionController::Base # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception + force_ssl if: "ENV['LOCAL_HTTPS'] == 'true'" + # Profiling before_action do if (current_user && current_user.admin?) || Rails.env == 'development' diff --git a/config/environments/production.rb b/config/environments/production.rb index 4c4ed760c..09b77654f 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -32,7 +32,7 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = ENV['LOCAL_HTTPS'] == 'true' + config.force_ssl = false # Use the lowest log level to ensure availability of diagnostic information # when problems arise. -- cgit