diff --git a/app/controllers/admin/visualizations_controller.rb b/app/controllers/admin/visualizations_controller.rb index 072388e122..a880b8419c 100644 --- a/app/controllers/admin/visualizations_controller.rb +++ b/app/controllers/admin/visualizations_controller.rb @@ -122,7 +122,7 @@ class Admin::VisualizationsController < Admin::AdminController end return(redirect_to protocol: 'https://') if @visualization.is_privacy_private? \ - && !(request.ssl? || request.local? || Rails.env.development?) + && Cartodb.get_config(:ssl_required) == true # Legacy redirect, now all public pages also with org. name if eligible_for_redirect?(@visualization.user) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8e0c75dd73..e9707506f8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -35,7 +35,7 @@ class ApplicationController < ActionController::Base IGNORE_PATHS_FOR_CHECK_USER_STATE = %w(maintenance_mode lockout login logout unauthenticated multifactor_authentication).freeze def self.ssl_required(*splat) - if Cartodb.config[:ssl_required].nil? || Cartodb.config[:ssl_required] + if Cartodb.config[:ssl_required] == true if splat.any? force_ssl only: splat else diff --git a/app/controllers/data_library_controller.rb b/app/controllers/data_library_controller.rb index 4096feec25..51b0537136 100644 --- a/app/controllers/data_library_controller.rb +++ b/app/controllers/data_library_controller.rb @@ -7,7 +7,7 @@ class DataLibraryController < ApplicationController def index render_404 and return if @viewed_user.nil? || (Cartodb.get_config(:data_library, 'username') && (Cartodb.get_config(:data_library, 'username') != @viewed_user.username)) - @dataset_base_url = (Rails.env.production? || Rails.env.staging?) ? "#{request.protocol}#{CartoDB.account_host}/dataset/" : "#{@viewed_user.public_url(nil, request.protocol == "https://" ? "https" : "http")}/tables/" + @dataset_base_url = Cartodb.get_config(:ssl_required) == true ? "#{request.protocol}#{CartoDB.account_host}/dataset/" : "#{@viewed_user.public_url(nil, request.protocol == "https://" ? "https" : "http")}/tables/" respond_to do |format| format.html { render 'index' } diff --git a/app/controllers/superadmin/superadmin_controller.rb b/app/controllers/superadmin/superadmin_controller.rb index fa0ff2756a..0ca1c7a6cd 100644 --- a/app/controllers/superadmin/superadmin_controller.rb +++ b/app/controllers/superadmin/superadmin_controller.rb @@ -6,7 +6,7 @@ class Superadmin::SuperadminController < ActionController::Base rescue_from StandardError, with: :rescue_from_superadmin_error def self.ssl_required(*splat) - if Cartodb.config[:ssl_required].nil? || Cartodb.config[:ssl_required] + if Cartodb.config[:ssl_required] == true force_ssl only: splat end end diff --git a/config/app_config.yml.sample b/config/app_config.yml.sample index c7278816b8..266ab6d810 100644 --- a/config/app_config.yml.sample +++ b/config/app_config.yml.sample @@ -15,6 +15,8 @@ defaults: &defaults subdomainless_urls: false http_port: 3000 # nil|integer. HTTP port to use when building urls. Leave empty to use default (80) https_port: # nil|integer. HTTPS port to use when building urls. Leave empty to use default (443) + # Setting this to true will enable ActiveController's enforcement of SSL. + ssl_required: false secret_token: '71c2b25921b84a1cb21c71503ab8fb23' # It's recommended to generate a new secret_key_base for each installation using `bundle exec rake secret` secret_key_base: '65903fa751affcdd71a9eb09308bcb404c50c8df03414db849ea22fbe8d4aae9ff344f6594630eb9c8367b4fd8ed2211d0342a49df473dccc27ae0be120b25ab' diff --git a/config/app_config.yml.sample.py2 b/config/app_config.yml.sample.py2 index 49912dc742..1ba3fc86c9 100644 --- a/config/app_config.yml.sample.py2 +++ b/config/app_config.yml.sample.py2 @@ -15,6 +15,8 @@ defaults: &defaults subdomainless_urls: false http_port: 3000 # nil|integer. HTTP port to use when building urls. Leave empty to use default (80) https_port: # nil|integer. HTTPS port to use when building urls. Leave empty to use default (443) + # Setting this to true will enable ActiveController's enforcement of SSL. + ssl_required: false secret_token: '71c2b25921b84a1cb21c71503ab8fb23' # It's recommended to generate a new secret_key_base for each installation using `bundle exec rake secret` secret_key_base: '65903fa751affcdd71a9eb09308bcb404c50c8df03414db849ea22fbe8d4aae9ff344f6594630eb9c8367b4fd8ed2211d0342a49df473dccc27ae0be120b25ab' diff --git a/config/environments/development.rb b/config/environments/development.rb index c21809dc5a..dfe8f77794 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -40,7 +40,7 @@ CartoDB::Application.configure do # In production, Apache or nginx will already do this config.serve_static_files = true - # Setting this to false will disable ActiveController's enforcement of SSL. + # Setting this to true will enable ActiveController's enforcement of SSL. config.ssl_required = false # Enable serving of images, stylesheets, and javascripts from an asset server diff --git a/config/environments/production.rb b/config/environments/production.rb index 6167ae7ccc..d441f79b00 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -39,8 +39,9 @@ CartoDB::Application.configure do # Use a different cache store in production # config.cache_store = :mem_cache_store - # Setting this to false will disable ActiveController's enforcement of SSL. + # Setting this to true will enable ActiveController's enforcement of SSL. config.ssl_required = true + # Disable Rails's static asset server # In production, Apache or nginx will already do this config.serve_static_files = false diff --git a/config/environments/staging.rb b/config/environments/staging.rb index ab02985fa4..f2c5904276 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -28,8 +28,9 @@ CartoDB::Application.configure do config.log_level = :info - # Setting this to false will disable ActiveController's enforcement of SSL. + # Setting this to true will enable ActiveController's enforcement of SSL. config.ssl_required = true + # Use a different logger for distributed setups # config.logger = SyslogLogger.new diff --git a/config/environments/test.rb b/config/environments/test.rb index f8013c9472..7a38f7446a 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -46,8 +46,9 @@ CartoDB::Application.configure do # config.logger = Logger.new(STDOUT) # config.logger.level = Logger::WARN - # Setting this to false will disable ActiveController's enforcement of SSL. + # Setting this to true will enable ActiveController's enforcement of SSL. config.ssl_required = false + # Configure static asset server for tests with Cache-Control for performance config.serve_static_files = true config.static_cache_control = "public, max-age=3600" diff --git a/config/initializers/carto_db.rb b/config/initializers/carto_db.rb index 1b7aa18229..76b959b151 100644 --- a/config/initializers/carto_db.rb +++ b/config/initializers/carto_db.rb @@ -241,7 +241,7 @@ module CartoDB end def self.use_https? - Cartodb.config[:ssl_required].nil? || Cartodb.config[:ssl_required] + Cartodb.config[:ssl_required] == true end def self.get_session_domain diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 1b464134de..1ef3dcb7a6 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,2 +1,2 @@ domain = CartoDB.subdomainless_urls? ? nil : Cartodb.config[:session_domain] -CartoDB::Application.config.session_store :cookie_store, key: '_cartodb_session', secure_random: true, domain: domain, expire_after: 7.days, httponly: true, secure: (Cartodb.config[:ssl_required].nil? || Cartodb.config[:ssl_required]) +CartoDB::Application.config.session_store :cookie_store, key: '_cartodb_session', secure_random: true, domain: domain, expire_after: 7.days, httponly: true, secure: Cartodb.config[:ssl_required] == true