Use default Rails SSL configuration values
What does this MR do and why?
This does not change anything because we don't set force_ssl to true even in production: https://gitlab.com/gitlab-org/gitlab/blob/d11ace2405a4af37e85b329ac00e1deec4ca3dca/config/environments/production.rb#L37
Omnibus and CNG handle this via NGINX: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
Follow-up to !70577 (merged) / #332288 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Heinrich Lee Yu