From 43580c3545ee4a4ccaa325c595dfd6a0f714e9b0 Mon Sep 17 00:00:00 2001
From: Rien Maertens
Date: Wed, 8 Aug 2018 14:22:00 +0200
Subject: [PATCH] Security++

---
 config/environments/production.rb            | 2 +-
 config/initializers/remove_runtime_header.rb | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 config/initializers/remove_runtime_header.rb

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 80a1f6b..31ec3d8 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -47,7 +47,7 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
diff --git a/config/initializers/remove_runtime_header.rb b/config/initializers/remove_runtime_header.rb
new file mode 100644
index 0000000..04aea02
--- /dev/null
+++ b/config/initializers/remove_runtime_header.rb
@@ -0,0 +1,3 @@
+if Rails.env.production?
+  Rails.application.config.middleware.delete(Rack::Runtime)
+end
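Review bot: Turning on `config.force_ssl = true` also switches on HSTS and the HTTP-to-HTTPS redirect with ActionDispatch::SSL's defaults, and the hunk leaves that policy implicit; the redirect decision depends on the TLS-terminating proxy forwarding `X-Forwarded-Proto`, otherwise every request loops, and any load-balancer health check that probes plain HTTP will start receiving redirects. I would pin the policy explicitly next to this line, e.g. `config.ssl_options = { hsts: { expires: 1.year, subdomains: true }, redirect: { exclude: ->(request) { request.path == '/health' } } }` (the `/health` path is only an example; use the real probe path, or drop the `redirect:` key if no plain-HTTP probe exists). The HSTS max-age and subdomain defaults differ between Rails versions, so I would not rely on them being what this deployment wants. The enclosing `Rails.application.configure do` block starts and ends outside the hunk.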
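Review bot: The new initializer gives no reason for removing `Rack::Runtime`, so the next maintainer cannot tell that it is deliberate hardening rather than a leftover; a one-line comment above the `if` would fix that, e.g. `# Rack::Runtime adds an X-Runtime response header with the server-side processing time; drop it in production so timing information is not exposed to clients.` Guarding on `Rails.env.production?` means any other deployed environment (a staging environment under its own `RAILS_ENV`, presumably) keeps emitting the header, which may or may not be intended. As a matter of placement, `config.middleware.delete Rack::Runtime` inside `config/environments/production.rb` would sit beside the other production-only settings this same commit touches and would make the environment guard unnecessary. Whether `middleware.delete` raises or silently no-ops when the middleware is absent depends on the Rails version, so it is worth confirming against the one in the Gemfile.lock.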