nccgroup / sobelow

Security-focused static analysis for the Phoenix Framework
Apache License 2.0

Enable https check in runtime #162

Closed alvarezloaiciga closed 1 month ago

alvarezloaiciga commented 4 months ago

This fixes an issue with new Phoenix projects moving away from prod.exs to runtime.exs.

houllette commented 3 months ago

This is a great PR, thanks @alvarezloaiciga and sorry for the delay in evaluating it! Just a quick note that we should probably figure out before merging this in - so as pointed out by #166, force_ssl being in runtime.exs won't work since it is exclusively a compile time config. The latest changes in #166 actual move towards excluding HSTS checks for the runtime.exs file; so obviously we should still check for all the other HTTPS configs in runtime, but we don't need to worry about force_ssl. So it may make sense to change the values found in the runtime.exs test case you have here 🙂