Avoid Forcing SSL in Production Environment Issue Fixed #314
Conversation
|
I think the Rails default makes more sense here. If you genuinely wanted this off in production you could make the change on your end. |
|
What's the scenario for wanting to run this without SSL in a production environment? |
When running behind a reverse proxy that already handles SSL |
|
I think this is what this config setting is for Reference rails/rails#47139 Docs for assume_ssl |
| config.force_ssl = true | ||
| # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. | ||
| #If the variable is set to 'true', SSL enforcement will be enabled; otherwise, it will be disabled. | ||
| config.force_ssl = ENV.fetch("FORCE_SSL", "true") == "true" |
There was a problem hiding this comment.
Should the default value not a return a boolean value instead of a string?
ENV.fetch("FORCE_SSL", true) == "true"If there's a better option than using "true" as the value to look for in the environment variable I would use that but I cannot think of one that isn't overly complex.
|
I agree with most everyone else that it isn't really necessary but I do see one circumstance where this could be useful, it just depends on the direction the project is going. It's useful if the application is dockerized and you need to change the setting but there isn't an official docker image yet that I can see, so you can just build your own image change the config setting. If the application goes the direction of pushing an official docker image then this could be useful. |
|
@amacleod1417 let's go ahead and implement the solution proposed here in this issue: https://github.com/maybe-finance/maybe/issues/308#issuecomment-1934615353 Also, could you please fix the lint errors? Will get this merged after! |
|
Closing for now. Will address SSL in a dedicated issue alongside the creation of an official Dockerfile |
7 participants
No description provided.