Add force_ssl option to avoid brakeman to return a high warning

isay-sosa · Aug 19, 2019 · d48d3b6 · d48d3b6
1 parent 60b8110
commit d48d3b6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 6 deletions.
diff --git a/Gemfile b/Gemfile
@@ -17,18 +17,16 @@ gem 'turbolinks', '~> 5'
 gem 'uglifier', '>= 1.3.0'
 
 group :development, :test do
-  gem "brakeman"
-  gem "bundle-audit"
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
 end
 
 group :development do
-  # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'web-console', '>= 3.3.0'
+  gem 'brakeman'
+  gem 'bundle-audit'
   gem 'listen', '>= 3.0.5', '< 3.2'
-  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'web-console', '>= 3.3.0'
 end
 
 group :test do

diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -47,7 +47,7 @@
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true if ENV['USE_FORCE_SSL']
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.