uncommitted changes on production

[jduss4]

@techgique can you take a look and see if those should be committed?

jdussault@cors1601 /var/local/www/rails/cdrhapi.unl.edu/v1 $ git diff
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 179a06a..e9bbd6f 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -32,7 +32,11 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]

   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
+
+  # Handle STS here instead of Apache, or Rails duplicates header contents
+  # Also unset cache-control header in HTTPS vhost for same reason
+  config.ssl_options = { hsts: { preload: true } }

   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb
index d859e4b..4f869a0 100644
--- a/config/initializers/new_framework_defaults.rb
+++ b/config/initializers/new_framework_defaults.rb
@@ -15,4 +15,4 @@ Rails.application.config.active_record.belongs_to_required_by_default = true
 ActiveSupport.halt_callback_chains_on_return_false = false

 # Configure SSL options to enable HSTS with subdomains. Previous versions had false.
-Rails.application.config.ssl_options = { hsts: { subdomains: true } }
+#Rails.application.config.ssl_options = { hsts: { subdomains: true } }

[techgique]

Looks like these changes were committed and are all as they should be. Those new_framework_defaults initializers will probably need review upon further Rails upgrades, but that is a separate issue.