diff --git a/config/application.rb b/config/application.rb
index 25bdb856..0c86c586 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -27,6 +27,10 @@ class Application < Rails::Application
     # Custom directories with classes and modules you want to be autoloadable.
     config.autoload_paths += %W(lib)
 
+
+    # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+    config.force_ssl = (ENV["ENABLE_HTTPS"] == "yes")
+
     # Only load the plugins named here, in the order given (default is alphabetical).
     # :all can be used as a placeholder for all plugins not explicitly named.
     # config.plugins = [ :exception_notification, :ssl_requirement, :all ]