How to disable SSL?

I have tried setting force_ssl: false in my Endpoint config but it keeps adding HSTS headers…

edit: this has to be coming from somewhere else… the setting is disabled in cloudflare so i have no idea

I am not sure but I think you have to set :https to false and not the force_ssl.

Have a look at
https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-runtime-configuration
under https

I would like https to be available if they want to use it i just dont want to force redirect to it

Ah okay I see, that works for me.
I provide :http and :https and don’t add the :force_ssl at all in prod.exs.
My page is that way available over both ways http:// and https://

3 Likes