d00308c43d
Remove the ssl_options config option. Let nginx handle HSTS and http->https redirects instead. At the rails level, all we need to do is set the secure cookie flag when https is enabled (which we assume it's enabled in production).
4 lines
218 B
Ruby
4 lines
218 B
Ruby
# Be sure to restart your server when you modify this file.
|
|
|
|
Rails.application.config.session_store :cookie_store, key: '_danbooru2_session', domain: :all, tld_length: 2, same_site: :lax, secure: Rails.env.production?
|