Remove all support for mixed content (http/https)

Instead, as of now we run all content over https always. The enforcment of this is
placed in the webserver, which makes it impossible to miss it on some feature.

This retires the setting SITEBASE_SSL, and changes SITEBASE to be https.
It also retires DISABLE_HTTPS_REDIRECTS, which has no use anymore.
And finally, SESSION_COOKIE_SECURE is now set by default, and needs to be turned
off in local development environments.

1 files changed, 2 insertions, 4 deletions

diff --git a/postgresqleu/paypal/views.py b/postgresqleu/paypal/views.py
index b9fe676d..6969813c 100644
--- a/postgresqleu/paypal/views.py
+++ b/postgresqleu/paypal/views.py
@@ -11,12 +11,10 @@ from urllib import urlencode, unquote_plus
 
 from postgresqleu.invoices.util import InvoiceManager
 from postgresqleu.invoices.models import InvoicePaymentMethod
-from postgresqleu.util.decorators import ssl_required
 from postgresqleu.accounting.util import create_accounting_entry
 
 from models import TransactionInfo, ErrorLog, SourceAccount
 
-@ssl_required
 @transaction.atomic
 def paypal_return_handler(request):
 	tx = 'UNKNOWN'
@@ -183,11 +181,11 @@ def paypal_return_handler(request):
 				if i.recipient_user:
 					# Registered to a specific user, so request that users
 					# login on redirect
-					url = "%s/invoices/%s/" % (settings.SITEBASE_SSL, i.pk)
+					url = "%s/invoices/%s/" % (settings.SITEBASE, i.pk)
 				else:
 					# No user account registered, so send back to the secret
 					# url version
-					url = "%s/invoices/%s/%s/" % (settings.SITEBASE_SSL, i.pk, i.recipient_secret)
+					url = "%s/invoices/%s/%s/" % (settings.SITEBASE, i.pk, i.recipient_secret)
 
 			return render_to_response('paypal/complete.html', {
 					'invoice': i,