Make sensitive pages https
|Reported by:||dmartinc||Owned by:|
Pages where the user inputs a password (such a introducing a modification key, or a manager setting up the modification key of an event) should be https.
This can be done by setting the RH class' _tohttps flag to True; and the https URLS can be generated with the SecureURLHandler / OptionallySecureURLHandler classes.
Remember to verify that after a page is turned into https, everything (the JS imports, the images, the AJAX calls, the JS-added images) have to be https :) Normally _tohttps should take care of that but try to check it anyway.