From 51e9daf930ae90df20576e9e00e0b92367d6cb46 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Sat, 3 Sep 2022 00:09:50 +0200
Subject: [PATCH] Enable HSTS preload in app
---
 config/environments/production.rb | 1 +
 config/environments/staging.rb | 1 +
 2 files changed, 2 insertions(+)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 17fc2800..4e6af6dd 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -50,6 +50,7 @@ Rails.application.configure do
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
 config.force_ssl = true
+ config.ssl_options = {hsts: {preload: true}}
 # Include generic and useful information about system operation, but avoid logging too much
 # information to avoid inadvertent exposure of personally identifiable information (PII).
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
index b2ee0889..bf50b877 100644
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -65,6 +65,7 @@ Rails.application.configure do
 # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
 config.force_ssl = true
+ config.ssl_options = {hsts: {preload: true}}
 # Include generic and useful information about system operation, but avoid logging too much
 # information to avoid inadvertent exposure of personally identifiable information (PII).
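Review bot: The added `config.ssl_options` line in production.rb has no comment recording that `preload` is a long-lived commitment. Serving the header with that token is what allows the domain to be submitted to the browser preload list, and removal from the list takes a long time to reach users. The line also leaves `expires` and `subdomains` to the framework defaults, which this hunk does not show; the preload list expects a max-age of at least one year plus `includeSubDomains`, so every subdomain must already serve valid HTTPS. I would write the values out and add a comment such as `# HSTS preload is hard to undo; all subdomains must serve HTTPS before the domain is submitted.` above `config.ssl_options = {hsts: {expires: 1.year, subdomains: true, preload: true}}`, keeping `expires` at whatever the deployment sends today if that is longer. The `configure` block continues outside the hunk, and the same point applies to the identical line in staging.rb.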
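Review bot: The `preload` token on the staging.rb line is undocumented, and it is not obvious from the hunk why a staging host should send it. If the intent is parity with production so the header can be checked before release, a comment such as `# Same HSTS header as production so it can be verified here first.` would record that. If the staging host is not meant to be covered by a preload submission, `config.force_ssl = true` alone already sends HSTS without the token. The `configure` block continues outside the hunk.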