Always use https in SSO

maxmi · maxmi · commit 83d9c636dfd0 · 2015-04-10T10:54:32.000+02:00
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php b/src/app/code/community/Zendesk/Zendesk/controllers/Adminhtml/ZendeskController.php
@@ -119,7 +119,7 @@ public function authenticateAction()
         $jwt = JWT::encode($payload, $token);
         $return = $return_url ? "&return_to=".$return_url : "";
         
-        $url = "http://".$domain."/access/jwt?jwt=" . $jwt . $return;
+        $url = "https://".$domain."/access/jwt?jwt=" . $jwt . $return;
 
         Mage::log('Admin URL: ' . $url, null, 'zendesk.log');
 
@@ -202,7 +202,7 @@ public function launchAction()
         $sso = Mage::getStoreConfig('zendesk/sso/enabled');
         
         if (!$sso) {
-            $url = "http://".$domain;
+            $url = "https://".$domain;
         } elseif(Mage::helper('zendesk')->isSSOAdminUsersEnabled()) {
             $url = Mage::helper('zendesk')->getSSOAuthUrlAdminUsers();
         } else {
diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php b/src/app/code/community/Zendesk/Zendesk/controllers/SsoController.php
@@ -80,7 +80,7 @@ public function loginAction()
         $jwt = JWT::encode($payload, $token);
         $return_url = $return_url ? "&return_to=".$return_url : "";
         
-        $url = "http://".$domain."/access/jwt?jwt=" . $jwt.$return_url;
+        $url = "https://".$domain."/access/jwt?jwt=" . $jwt.$return_url;
 
         Mage::log('End-user URL: ' . $url, null, 'zendesk.log');
 
