I have tried setting force_ssl: false
in my Endpoint config but it keeps adding HSTS headers…
edit: this has to be coming from somewhere else… the setting is disabled in cloudflare so i have no idea
I have tried setting force_ssl: false
in my Endpoint config but it keeps adding HSTS headers…
edit: this has to be coming from somewhere else… the setting is disabled in cloudflare so i have no idea
I am not sure but I think you have to set :https
to false
and not the force_ssl
.
Have a look at
https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-runtime-configuration
under https
I would like https to be available if they want to use it i just dont want to force redirect to it
Ah okay I see, that works for me.
I provide :http
and :https
and don’t add the :force_ssl
at all in prod.exs
.
My page is that way available over both ways http:// and https://