From 50d3404f3bb890b90f153ace8e691c6818505cc9 Mon Sep 17 00:00:00 2001
From: DocuSeal <dev@docuseal.co>
Date: Sun, 29 Oct 2023 19:10:41 +0200
Subject: [PATCH] force ssl only if host passed

---
 config/environments/production.rb | 2 +-
 docker-compose.yml                | 4 ++--
 lib/docuseal.rb                   | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 00f07cea..3b8aad99 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -59,7 +59,7 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = ENV['FORCE_SSL'] == 'true'
+  config.force_ssl = ENV['FORCE_SSL'].present?
 
   # Include generic and useful information about system operation, but avoid logging too much
   # information to avoid inadvertent exposure of personally identifiable information (PII).
diff --git a/docker-compose.yml b/docker-compose.yml
index adbda32a..2fd80284 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,8 +11,8 @@ services:
     volumes:
       - .:/data
     environment:
-      FORCE_SSL: 'true'
-      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/docuseal
+      - FORCE_SSL=${HOST}
+      - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal
 
   postgres:
     image: postgres:15
diff --git a/lib/docuseal.rb b/lib/docuseal.rb
index 83f4b0c1..fa7b8773 100644
--- a/lib/docuseal.rb
+++ b/lib/docuseal.rb
@@ -31,7 +31,7 @@ module Docuseal
 
   DEFAULT_URL_OPTIONS = {
     host: HOST,
-    protocol: ENV['FORCE_SSL'] == 'true' ? 'https' : 'http'
+    protocol: ENV['FORCE_SSL'].present? ? 'https' : 'http'
   }.freeze
 
   module_function