Change the deploy setting:

1. Enable SSL; 2. Fix depreciated warnings.
expertiza · Aug 30, 2015 · b1c7d73 · b1c7d73
1 parent 0fd6205
commit b1c7d73
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 4 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -3,11 +3,12 @@ class ApplicationController < ActionController::Base
 
   if Rails.env.production?
     #forcing SSL only in the production mode
-    #force_ssl
+    force_ssl
   end
 
   helper_method :current_user_session, :current_user, :current_user_role?
   protect_from_forgery with: :exception
+  before_filter :redirect_to_https
   before_filter :set_time_zone
   before_filter :authorize
 
@@ -64,6 +65,10 @@ def redirect_back(default = :root)
     redirect_to request.env['HTTP_REFERER'] ? :back : default
   end
 
+  def redirect_to_https
+    redirect_to :protocol => "https://" if Rails.env.production?
+  end
+
   def set_time_zone
     Time.zone = current_user.timezonepref if current_user
   end

diff --git a/config/application.rb b/config/application.rb
@@ -19,6 +19,9 @@ class Application < Rails::Application
     # Configure the default encoding used in templates for Ruby 1.9.
     config.encoding = "utf-8"
 
+    #When you are ready, you can opt into the new behavior and remove the deprecation warning by adding following configuration to your config/application.rb
+    config.active_record.raise_in_transactional_callbacks = true
+
     # Configure sensitive parameters which will be filtered from the log file.
     config.filter_parameters += [:password, :password_confirmation, :password, :password_confirmation]
 

diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -20,8 +20,8 @@
   # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
   # config.action_dispatch.rack_cache = true
 
-  # Disable Rails's static asset server (Apache or nginx will already do this).
-  config.serve_static_assets = false
+  # Disable Rails's static file server (Apache or nginx will already do this).
+  config.serve_static_files = false
 
   # Compress JavaScripts and CSS.
   config.assets.js_compressor = :uglifier
@@ -50,7 +50,7 @@
   # config.threadsafe!
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  #config.force_ssl = true
+  config.force_ssl = true
 
   # Set to :debug to see everything in the log.
   config.log_level = :info

diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Expertiza::Application.config.secret_token = 'bde42e81831307228075769730f359975a518fbbe3e673bf4beacc377a1cf159b240d2c01f77e60f2999d6e24e05e908665c5c2c9cc4ddca4f2573710cb83f25'
+Expertiza::Application.config.secret_key_base = '8dc3f7e3f38da95f5dd0465a9de9625dab519f1329c0427fa8aa2161d059294baa11db1fab6c8d0993fa3f86c7f767c7baafbe904576948c6fa6a88c7d2e8761'