diff --git a/helios b/helios index f4bde266d529fd8386aaf31782e9dd530d9d26e4..e8f1320aabf08b3bbb513a53408ec41128e6ead6 160000 --- a/helios +++ b/helios @@ -1 +1 @@ -Subproject commit f4bde266d529fd8386aaf31782e9dd530d9d26e4 +Subproject commit e8f1320aabf08b3bbb513a53408ec41128e6ead6 diff --git a/settings.py.sample b/settings.py.sample index 2221fd1c332c8011811c00e840583a1be0952137..936054af63eb2f760d47e75a8cc512eb6c6ff888 100644 --- a/settings.py.sample +++ b/settings.py.sample @@ -109,6 +109,12 @@ LOGOUT_ON_CONFIRMATION = True URL_HOST = "http://localhost:8000" SECURE_URL_HOST = "https://localhost:8443" +# this additional host is used to iframe-isolate the social buttons, +# which usually involve hooking in remote JavaScript, which could be +# a security issue. Plus, if there's a loading issue, it blocks the whole +# page. Not cool. +SOCIALBUTTONS_URL_HOST= "http://127.0.0.1:8000" + # election stuff SITE_TITLE = 'Helios Election Server'