From e1bbbea74261be7c11be94b1d66a92fa4768df83 Mon Sep 17 00:00:00 2001
From: Rachael Booth <Rachael.Booth@softwire.com>
Date: Thu, 19 Dec 2024 16:08:45 +0000
Subject: [PATCH] Use assume ssl setting (#2878)

---
 config/environments/production.rb | 2 +-
 config/environments/review.rb     | 4 ++++
 config/environments/staging.rb    | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 9721f76ed..38c906384 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -35,7 +35,7 @@ Rails.application.configure do
 
   # Assume all access to the app is happening through a SSL-terminating reverse proxy.
   # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
-  # config.assume_ssl = true
+  config.assume_ssl = true
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
diff --git a/config/environments/review.rb b/config/environments/review.rb
index 471879b27..772f78943 100644
--- a/config/environments/review.rb
+++ b/config/environments/review.rb
@@ -39,6 +39,10 @@ Rails.application.configure do
   # config.action_cable.url = 'wss://example.com/cable'
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
+  # Assume all access to the app is happening through a SSL-terminating reverse proxy.
+  # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
+  config.assume_ssl = true
+
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
 
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index 56352d3bb..4ffe480ff 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -39,6 +39,10 @@ Rails.application.configure do
   # config.action_cable.url = 'wss://example.com/cable'
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
+  # Assume all access to the app is happening through a SSL-terminating reverse proxy.
+  # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
+  config.assume_ssl = true
+
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true