From a4ed15255355418d6e9db35385568bd2501dfa07 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Fri, 8 Oct 2010 09:41:45 -0700
Subject: [PATCH] more tweaks to ensure all auth is done over SSL, and then
 redirects to non-SSL

---
 auth/templates/login_box.html | 2 +-
 helios/views.py               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/auth/templates/login_box.html b/auth/templates/login_box.html
index 4fb7a6e..2f0f735 100644
--- a/auth/templates/login_box.html
+++ b/auth/templates/login_box.html
@@ -17,7 +17,7 @@
 </form>
 {% else %}
 <p>
-    <a href="{% url auth.views.start system_name=auth_system %}?return_url={{return_url}}" style="font-size: 1.4em;">
+    <a href="{{SECURE_URL_HOST}}{% url auth.views.start system_name=auth_system %}?return_url={{return_url}}" style="font-size: 1.4em;">
 <img border="0" height="35" src="/static/auth/login-icons/{{auth_system}}.png" alt="{{auth_system}}" /> {{auth_system}}
 {% endifequal %}
 </a>
diff --git a/helios/views.py b/helios/views.py
index 9430583..ac2101b 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -421,7 +421,7 @@ def one_election_cast(request, election):
   on a GET, this is a cancellation, on a POST it's a cast
   """
   if request.method == "GET":
-    return HttpResponseRedirect(reverse(one_election_view, args = [election.uuid]))
+    return HttpResponseRedirect("%s%s" % (settings.URL_HOST, reverse(one_election_view, args = [election.uuid])))
     
   user = get_user(request)    
   encrypted_vote = request.POST['encrypted_vote']
-- 
GitLab