🔥 Remove SSL redirect exemptions

It turns out that HSTS is being enforced at the `va.gov` domain level, so exempting these routes at the Rails middleware level is futile.
department-of-veterans-affairs · Jul 26, 2024 · be7a4c7 · be7a4c7
1 parent 130791a
commit be7a4c7
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 103 deletions.
diff --git a/app/policies/ssl_redirect_exclusion_policy.rb b/app/policies/ssl_redirect_exclusion_policy.rb
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -45,7 +45,6 @@
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
-  config.ssl_options = { redirect: { exclude: SslRedirectExclusionPolicy } }
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.

diff --git a/spec/requests/ssl_redirects_spec.rb b/spec/requests/ssl_redirects_spec.rb