diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/environments/development.rb | 2 | ||||
| -rw-r--r-- | config/general.yml-example | 5 |
2 files changed, 7 insertions, 0 deletions
diff --git a/config/environments/development.rb b/config/environments/development.rb index c43cdb049..04680f17c 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -27,3 +27,5 @@ config.action_mailer.smtp_settings = { :address => "localhost", :port => 1025 } # unintentionally kept references to objects, especially strings. # require 'memory_profiler' # MemoryProfiler.start :string_debug => true, :delay => 10 + +config.middleware.insert_after ActionController::Failsafe, "Rack::SSL" if ::Configuration::force_ssl diff --git a/config/general.yml-example b/config/general.yml-example index bfe289541..4b9c22f79 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -12,6 +12,11 @@ SITE_NAME: 'Alaveteli' # Domain used in URLs generated by scripts (e.g. for going in some emails) DOMAIN: '127.0.0.1:3000' +# If true forces everyone (in the production environment) to use encrypted connections +# (via https) by redirecting unencrypted connections. This is *highly* recommended +# so that logins can't be intercepted by naughty people. +FORCE_SSL: true + # ISO country code of country currrently deployed in # (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) ISO_COUNTRY_CODE: GB |