From d48d3b677c6f0a914be33ec2ea3b0e193bcb0ad6 Mon Sep 17 00:00:00 2001
From: Isay <yasnet21@gmail.com>
Date: Mon, 19 Aug 2019 07:56:33 -0500
Subject: [PATCH] Add `force_ssl` option to avoid `brakeman` to return a high
 warning

---
 Gemfile                           | 8 +++-----
 config/environments/production.rb | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index cdd12fc..55db465 100644
--- a/Gemfile
+++ b/Gemfile
@@ -17,18 +17,16 @@ gem 'turbolinks', '~> 5'
 gem 'uglifier', '>= 1.3.0'
 
 group :development, :test do
-  gem "brakeman"
-  gem "bundle-audit"
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
 end
 
 group :development do
-  # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'web-console', '>= 3.3.0'
+  gem 'brakeman'
+  gem 'bundle-audit'
   gem 'listen', '>= 3.0.5', '< 3.2'
-  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
   gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'web-console', '>= 3.3.0'
 end
 
 group :test do
diff --git a/config/environments/production.rb b/config/environments/production.rb
index b083c23..b446093 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -47,7 +47,7 @@
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true if ENV['USE_FORCE_SSL']
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.