enable SSL

app/controllers/application_controller.rb

@@ -3,12 +3,11 @@ class ApplicationController < ActionController::Base
 
   if Rails.env.production?
     #forcing SSL only in the production mode
-    #force_ssl
+    force_ssl
   end
 
   helper_method :current_user_session, :current_user, :current_user_role?
   protect_from_forgery with: :exception
-  #before_filter :redirect_to_https
   before_filter :set_time_zone
   before_filter :authorize
 
@@ -65,10 +64,6 @@ def redirect_back(default = :root)
     redirect_to request.env['HTTP_REFERER'] ? :back : default
   end
 
-  #def redirect_to_https
-  #  redirect_to :protocol => "https://" if Rails.env.production?
-  #end
-
   def set_time_zone
     Time.zone = current_user.timezonepref if current_user
   end

config/environments/production.rb

@@ -50,7 +50,7 @@
   # config.threadsafe!
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  #config.force_ssl = true
+  config.force_ssl = true
 
   # Set to :debug to see everything in the log.
   config.log_level = :info

config/initializers/initializer.rb

@@ -0,0 +1,20 @@
+ActionController::ForceSSL::ClassMethods.module_eval do
+  def force_ssl(options = {})
+    config = Rails.application.config
+
+    return unless config.use_ssl # <= this is new
+
+    host = options.delete(:host)
+    port = config.ssl_port if config.respond_to?(:ssl_port) && config.ssl_port.present? # <= this is also new
+
+    before_filter(options) do
+      if !request.ssl?# && !Rails.env.development? # commented out the exclusion of the development environment
+        redirect_options = {:protocol => 'https://', :status => :moved_permanently}
+        redirect_options.merge!(:host => host) if host
+        redirect_options.merge!(:port => port) if port # <= this is also new
+        redirect_options.merge!(:params => request.query_parameters)
+        redirect_to redirect_options
+      end
+    end
+  end
+end