From 8985f8e66cabdc65dc3d81a3653f46d6e9799980 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Thu, 18 Aug 2016 18:39:35 +0200
Subject: [PATCH] Fixing more configuration issues with ActionCable

---
 app/controllers/application_controller.rb      | 4 ++--
 config/environments/production.rb              | 2 ++
 config/initializers/ostatus.rb                 | 2 --
 spec/controllers/api/salmon_controller_spec.rb | 6 +++++-
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 91f76d311..c190abdf2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,11 +3,11 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
 
-  force_ssl if: "ENV['LOCAL_HTTPS'] == 'true'"
+  force_ssl if: "Rails.env.production? && ENV['LOCAL_HTTPS'] == 'true'"
 
   # Profiling
   before_action do
-    if (current_user && current_user.admin?) || Rails.env == 'development'
+    if (current_user && current_user.admin?) || Rails.env.development?
       Rack::MiniProfiler.authorize_request
     end
   end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 09b77654f..e5cb01151 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -80,4 +80,6 @@ Rails.application.configure do
   }
 
   config.action_mailer.delivery_method = :smtp
+
+  config.action_cable.allowed_request_origins = ["http#{config.x.use_https ? 's' : ''}://#{config.x.local_domain}"]
 end
diff --git a/config/initializers/ostatus.rb b/config/initializers/ostatus.rb
index 056d30f49..3cb17c718 100644
--- a/config/initializers/ostatus.rb
+++ b/config/initializers/ostatus.rb
@@ -4,6 +4,4 @@ Rails.application.configure do
   config.x.use_https    = ENV['LOCAL_HTTPS'] == 'true'
 
   config.action_mailer.default_url_options = { host: config.x.local_domain, protocol: config.x.use_https ? 'https://' : 'http://' }
-
-  config.action_cable.allowed_request_origins = ["http#{config.x.use_https ? 's' : ''}://#{config.x.local_domain}"]
 end
diff --git a/spec/controllers/api/salmon_controller_spec.rb b/spec/controllers/api/salmon_controller_spec.rb
index 8b356640f..785e1723b 100644
--- a/spec/controllers/api/salmon_controller_spec.rb
+++ b/spec/controllers/api/salmon_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 RSpec.describe Api::SalmonController, type: :controller do
-  let(:account) { Fabricate(:account, username: 'catsrgr8', user: Fabricate(:user)) }
+  let(:account) { Fabricate(:user, account: Fabricate(:account, username: 'catsrgr8')).account }
 
   before do
     stub_request(:get, "https://quitter.no/.well-known/host-meta").to_return(request_fixture('.host-meta.txt'))
@@ -16,6 +16,10 @@ RSpec.describe Api::SalmonController, type: :controller do
       post :update, params: { id: account.id }
     end
 
+    it 'contains XML in the request body' do
+      expect(request.body.read).to be_a String
+    end
+
     it 'returns http success' do
       expect(response).to have_http_status(:success)
     end