From f0610f363d96473f05ddb7f765c7883f3b8f0908 Mon Sep 17 00:00:00 2001
From: Joshua Arts <josha5@outlook.com>
Date: Thu, 2 Aug 2018 14:58:20 -0400
Subject: [PATCH] add option to force ssl

---
 config/environments/production.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 42654597..374565c4 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -42,7 +42,10 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = (ENV["ENABLE_SSL"] == "true")
+
+  # Force SSL for loadbalancer configurations.
+  config.force_ssl = true if ENV["LOADBALANCER_ENDPOINT"].present? && ENV["LOADBALANCER_SECRET"].present?
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.