From a011169459dbf8660266ca134102b385d712b508 Mon Sep 17 00:00:00 2001 From: jamey Date: Mon, 9 Mar 2026 09:48:06 +0000 Subject: [PATCH] fix force_ssl compile-time config mismatch force_ssl must be set at compile time (in prod.exs), not runtime. Phoenix validates compile-time config at boot and was crashing because the value differed between compile and runtime. Co-Authored-By: Claude Opus 4.5 --- config/prod.exs | 6 +++++- config/runtime.exs | 4 +--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/prod.exs b/config/prod.exs index 6d1269e..51a307b 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -5,7 +5,11 @@ import Config # manifest is generated by the `mix assets.deploy` task, # which you should run after static files are built and # before starting your production server. -config :berrypod, BerrypodWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json" +config :berrypod, BerrypodWeb.Endpoint, + cache_static_manifest: "priv/static/cache_manifest.json", + # HSTS tells browsers to always use HTTPS for this domain (1 year, include subdomains) + # This must be set at compile time, not runtime + force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]] # Configures Swoosh API Client config :swoosh, api_client: Swoosh.ApiClient.Req diff --git a/config/runtime.exs b/config/runtime.exs index 477fff0..f95a858 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -64,9 +64,7 @@ if config_env() == :prod do ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: port ], - secret_key_base: secret_key_base, - # HSTS tells browsers to always use HTTPS for this domain (1 year, include subdomains) - force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]] + secret_key_base: secret_key_base # ## SSL Support #