From ddaa4a6704ad2078ccc3a896c07fa7760f65402a Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Thu, 19 Aug 2010 18:31:10 -0700
Subject: [PATCH] social buttons iframe

---
 helios | 2 +-
 settings.py.sample | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/helios b/helios
index f4bde26..e8f1320 160000
--- a/helios
+++ b/helios
@@ -1 +1 @@
-Subproject commit f4bde266d529fd8386aaf31782e9dd530d9d26e4
+Subproject commit e8f1320aabf08b3bbb513a53408ec41128e6ead6
diff --git a/settings.py.sample b/settings.py.sample
index 2221fd1..936054a 100644
--- a/settings.py.sample
+++ b/settings.py.sample
@@ -109,6 +109,12 @@ LOGOUT_ON_CONFIRMATION = True
 URL_HOST = "http://localhost:8000"
 SECURE_URL_HOST = "https://localhost:8443"
 
+# this additional host is used to iframe-isolate the social buttons,
+# which usually involve hooking in remote JavaScript, which could be
+# a security issue. Plus, if there's a loading issue, it blocks the whole
+# page. Not cool.
+SOCIALBUTTONS_URL_HOST= "http://127.0.0.1:8000"
+
 # election stuff
 SITE_TITLE = 'Helios Election Server'
 
-- 
GitLab
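Review bot: The comment above `SOCIALBUTTONS_URL_HOST` does not state the property the iframe isolation depends on: the value has to be a different origin from `URL_HOST` and `SECURE_URL_HOST`, otherwise the framed third-party JavaScript runs same-origin with the election pages. The sample meets this only through the hostname (`127.0.0.1` versus `localhost` on the same port), which is easy to undo when the file is adapted for a deployment. I would add `# must be a different origin (scheme, host or port) from URL_HOST and SECURE_URL_HOST` directly above the setting. The value is also plain `http`; if the frame is embedded in pages served from `SECURE_URL_HOST` (the embedding code is in the helios submodule and not visible here), browsers would treat it as mixed content, so a line noting that production should point at an https host is worth adding. Minor style point: `SOCIALBUTTONS_URL_HOST= ` lacks the space before `=` that the neighbouring settings use.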