X-Forwarded-Proto
header. See HTTP Request Headers for more information.FORCE_SSL
Configuration variable to true
(it must be set to the string true
, not just any value).
FORCE_SSL
in detailFORCE_SSL=true
on an app causes 2 things to happen:
Strict-Transport-Security
header on responses with a max-age of 1 year.Strict-Transport-Security
header before using this feature.
In particular, by design, clients that connect to your site and receive this header will refuse to reconnect via HTTP for up to a year after they receive the Strict-Transport-Security
header.
FORCE_SSL
FORCE_SSL
, you’ll need to use the aptible config:set
command.
The value must be set to the string true
(e.g., setting to 1
won’t work).