Enable SSL on production server

[clhenrick]

We need to have SSL on the production Heroku server so that the Geo Location API can be enabled.

Relating to that, it seems that the "Locate Me" feature in the map's main page doesn't load centroids for parks within the map view.

[gregallensworth]

Enabling it on development was one click via the Dashboard. https://caliparks-development.herokuapp.com/

So that's one item down.

[clhenrick]

What did you do to enable it? Looks like it's set to "auto" and that it should be enabled automatically as we are using a paid dyno, but SSL is currently not enabled.

[gregallensworth]

Got this set up: https://www.caliparks.org/

Last step: change the URL forwarding which enforces the use of a canonical URL, to use the HTTPS version.

[gregallensworth]

The domain service won't be able to do a redirect when a browser requests www.caliparks.org This being a proper hostname pointing to Heroku, the request bypasses Dreamhost's redirect service.

As such, you'd need to alter the code to detect that HTTPS was not in use. Note that Heroku uses proxies for the routing and HTTP, so you'll want to check req.headers['x-forwarded-proto'] != 'https'