fix: remove force_ssl to restore a working Render deployment (#86)

zorn · Sep 8, 2024 · 7e6df6d · 7e6df6d
1 parent c9b1abd
commit 7e6df6d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml
@@ -42,5 +42,5 @@ jobs:
         if: always()
 
       - name: Check for security vulnerabilities in Phoenix project
-        run: mix sobelow
+        run: mix sobelow --config
         if: always()
diff --git a/.sobelow-conf b/.sobelow-conf
@@ -0,0 +1 @@
+[verbose: true, private: false, skip: false, router: nil, exit: false, format: "txt", out: nil, threshold: :low, ignore: ["Config.HTTPS"], ignore_files: [], version: false]
diff --git a/config/prod.exs b/config/prod.exs
@@ -1,15 +1,17 @@
 import Config
 
 config :flick, FlickWeb.Endpoint,
+  # https://hexdocs.pm/phoenix/using_ssl.html#hsts
+  # FIXME: Restore this in the future.
+  # https://github.com/zorn/flick/issues/85
+  # force_ssl: [hsts: true]
+
   # Note we also include the path to a cache manifest
   # containing the digested version of static files. This
   # manifest is generated by the `mix assets.deploy` task,
   # which you should run after static files are built and
   # before starting your production server.
-  cache_static_manifest: "priv/static/cache_manifest.json",
-
-  # https://hexdocs.pm/phoenix/using_ssl.html#hsts
-  force_ssl: [hsts: true]
+  cache_static_manifest: "priv/static/cache_manifest.json"
 
 # Configures Swoosh API Client
 config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Flick.Finch
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		[verbose: true, private: false, skip: false, router: nil, exit: false, format: "txt", out: nil, threshold: :low, ignore: ["Config.HTTPS"], ignore_files: [], version: false]