From ddaa4a6704ad2078ccc3a896c07fa7760f65402a Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Thu, 19 Aug 2010 18:31:10 -0700
Subject: [PATCH] social buttons iframe

---
 helios             | 2 +-
 settings.py.sample | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/helios b/helios
index f4bde26..e8f1320 160000
--- a/helios
+++ b/helios
@@ -1 +1 @@
-Subproject commit f4bde266d529fd8386aaf31782e9dd530d9d26e4
+Subproject commit e8f1320aabf08b3bbb513a53408ec41128e6ead6
diff --git a/settings.py.sample b/settings.py.sample
index 2221fd1..936054a 100644
--- a/settings.py.sample
+++ b/settings.py.sample
@@ -109,6 +109,12 @@ LOGOUT_ON_CONFIRMATION = True
 URL_HOST = "http://localhost:8000"
 SECURE_URL_HOST = "https://localhost:8443"
 
+# this additional host is used to iframe-isolate the social buttons,
+# which usually involve hooking in remote JavaScript, which could be
+# a security issue. Plus, if there's a loading issue, it blocks the whole
+# page. Not cool.
+SOCIALBUTTONS_URL_HOST= "http://127.0.0.1:8000"
+
 # election stuff
 SITE_TITLE = 'Helios Election Server'
 
-- 
GitLab