Add production runtime config to the missing HTTPS check #122
Labels
Comments
|
Hey @LGuichet! This sounds like a great add - do you have a code example or link to an open source project that has this type of configuration style I can test against? |
|
While I could not find any applied exemple, it can be found in the template phoenix uses when generating fresh apps. Runtime config has been introduced relatively recently with elixir v1.11 in 2020, and it aims amongst other things to phase out the release.exs file |
|
Hi @houllette , I have raised a PR to fix this, at least for the https one #162 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Phoenix HTTPS configuration is often done in the runtime.exs file.
The production related config is inside the following block
if config_env() == :prod do #...When scanning for HTTPS enabling config, Sobelow only looks in the prod.exs file.
It should also be able to check into the runtime.exs file to avoid false-positives, idealy selectively inside the above code block
The text was updated successfully, but these errors were encountered: