From bb9d30521f57e05fa79b37bd15bfa2b3355be8d7 Mon Sep 17 00:00:00 2001
From: Mike Zornek <zorn@zornlabs.com>
Date: Thu, 5 Sep 2024 21:49:01 -0400
Subject: [PATCH] Solve for `Config.HTTPS: HTTPS Not Enabled - High Confidence`
 by configuring `prod` to use SSL.

---
 config/prod.exs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/config/prod.exs b/config/prod.exs
index 648f793..c7d1bf8 100644
--- a/config/prod.exs
+++ b/config/prod.exs
@@ -1,11 +1,15 @@
 import Config
 
-# Note we also include the path to a cache manifest
-# containing the digested version of static files. This
-# manifest is generated by the `mix assets.deploy` task,
-# which you should run after static files are built and
-# before starting your production server.
-config :flick, FlickWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
+config :flick, FlickWeb.Endpoint,
+  # Note we also include the path to a cache manifest
+  # containing the digested version of static files. This
+  # manifest is generated by the `mix assets.deploy` task,
+  # which you should run after static files are built and
+  # before starting your production server.
+  cache_static_manifest: "priv/static/cache_manifest.json",
+
+  # https://hexdocs.pm/phoenix/using_ssl.html#hsts
+  force_ssl: [hsts: true]
 
 # Configures Swoosh API Client
 config :swoosh, api_client: Swoosh.ApiClient.Finch, finch_name: Flick.Finch