From b1c7d736b50086fee71a54d242d99e3495cfd901 Mon Sep 17 00:00:00 2001
From: Winbobob
Date: Sun, 30 Aug 2015 16:53:58 -0400
Subject: [PATCH] Change the deploy setting: 1. Enable SSL; 2. Fix depreciated warnings.
---
 app/controllers/application_controller.rb | 7 ++++++-
 config/application.rb | 3 +++
 config/environments/production.rb | 6 +++---
 config/initializers/secret_token.rb | 1 +
 4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9902f3bd1d5..b6ffffc9824 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,11 +3,12 @@ class ApplicationController < ActionController::Base
 if Rails.env.production?
 #forcing SSL only in the production mode
- #force_ssl
+ force_ssl
 end
 helper_method :current_user_session, :current_user, :current_user_role?
 protect_from_forgery with: :exception
+ before_filter :redirect_to_https
 before_filter :set_time_zone
 before_filter :authorize
@@ -64,6 +65,10 @@ def redirect_back(default = :root)
 redirect_to request.env['HTTP_REFERER'] ? :back : default
 end
+ def redirect_to_https
+ redirect_to :protocol => "https://" if Rails.env.production?
+ end
+
 def set_time_zone
 Time.zone = current_user.timezonepref if current_user
 end
diff --git a/config/application.rb b/config/application.rb
index 219b55f5871..255ba0f7395 100644
--- a/config/application.rb
+++ b/config/application.rb
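Review bot: In app/controllers/application_controller.rb, the new `redirect_to_https` filter (second hunk, registered by `before_filter :redirect_to_https` in the first) redirects whenever `Rails.env.production?` is true and never checks whether the request is already HTTPS, so in production a request that reaches it over HTTPS is answered with yet another redirect to the same action. The `force_ssl` call enabled in the first hunk and `config.force_ssl = true` in config/environments/production.rb already perform the HTTP-to-HTTPS redirect, so the simplest fix is to drop the filter and the method; if it is kept, guard it with `redirect_to :protocol => "https://" if Rails.env.production? && !request.ssl?`. If TLS terminates at Apache or nginx in front of the app (the production.rb comments suggest such a front end), `request.ssl?` depends on the proxy sending `X-Forwarded-Proto: https`, which should be confirmed before deploying. The class body continues outside both hunks, so it is not visible whether `redirect_to_https` sits under `private`; it should, so that it is not reachable as an action.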
@@ -19,6 +19,9 @@ class Application < Rails::Application
 # Configure the default encoding used in templates for Ruby 1.9.
 config.encoding = "utf-8"
+ #When you are ready, you can opt into the new behavior and remove the deprecation warning by adding following configuration to your config/application.rb
+ config.active_record.raise_in_transactional_callbacks = true
+
 # Configure sensitive parameters which will be filtered from the log file.
 config.filter_parameters += [:password, :password_confirmation, :password, :password_confirmation]
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 8b4101c3c13..f0500fadf85 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -20,8 +20,8 @@
 # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
 # config.action_dispatch.rack_cache = true
- # Disable Rails's static asset server (Apache or nginx will already do this).
- config.serve_static_assets = false
+ # Disable Rails's static file server (Apache or nginx will already do this).
+ config.serve_static_files = false
 # Compress JavaScripts and CSS.
 config.assets.js_compressor = :uglifier
@@ -50,7 +50,7 @@
 # config.threadsafe!
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- #config.force_ssl = true
+ config.force_ssl = true
 # Set to :debug to see everything in the log.
 config.log_level = :info
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 29d51ed04e0..72647c89549 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
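Review bot: The comment added above `config.active_record.raise_in_transactional_callbacks = true` in config/application.rb is the text of the deprecation warning and does not say what the setting changes. Something like `# Let exceptions raised in after_commit/after_rollback callbacks propagate instead of being logged and swallowed.` would record the behaviour change. That matters because callbacks that used to fail silently will now surface as errors.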
@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Expertiza::Application.config.secret_token = 'bde42e81831307228075769730f359975a518fbbe3e673bf4beacc377a1cf159b240d2c01f77e60f2999d6e24e05e908665c5c2c9cc4ddca4f2573710cb83f25'
+Expertiza::Application.config.secret_key_base = '8dc3f7e3f38da95f5dd0465a9de9625dab519f1329c0427fa8aa2161d059294baa11db1fab6c8d0993fa3f86c7f767c7baafbe904576948c6fa6a88c7d2e8761'
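Review bot: The added `secret_key_base` line in config/initializers/secret_token.rb commits the cookie signing and encryption key as a literal, so anyone who can read the repository or its history can forge the signed and encrypted cookies the app issues, the session cookie included. Load it from the environment instead, e.g. `Expertiza::Application.config.secret_key_base = ENV['SECRET_KEY_BASE']`, and treat the value in this commit as compromised: generate a fresh one with `rake secret` and set it only on the deployment host. Rotating the key invalidates existing sessions, so plan the change for a point where forced re-login is acceptable. The `secret_token` line directly above (unchanged context) has the same problem and should be moved out of source at the same time.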