diff --git a/app/controllers/my_profile/cms_controller.rb b/app/controllers/my_profile/cms_controller.rb
index fcea2df..ac5a38c 100644
--- a/app/controllers/my_profile/cms_controller.rb
+++ b/app/controllers/my_profile/cms_controller.rb
@@ -3,6 +3,16 @@ class CmsController < MyProfileController
 protect 'post_content', :profile, :except => [:set_home_page]
 protect 'edit_profile', :profile, :only => [:set_home_page]
+ alias :check_ssl_orig :check_ssl
+ # Redefines the SSL checking to avoid requiring SSL when creating the "New
+ # publication" button on article's public view.
+ def check_ssl
+ if ((params[:action] == 'new') && (!request.xhr?)) || (params[:action] != 'new')
+ #raise 'bli'
+ check_ssl_orig
+ end
+ end
+
+
 def boxes_holder
 profile
 end
diff --git a/test/functional/cms_controller_test.rb b/test/functional/cms_controller_test.rb
index 534125b..197b358 100644
--- a/test/functional/cms_controller_test.rb
+++ b/test/functional/cms_controller_test.rb
@@ -592,4 +592,22 @@ class CmsControllerTest < Test::Unit::TestCase
 end
 end
+ should 'require ssl in general' do
+ @request.expects(:ssl?).returns(false).at_least_once
+ get :index, :profile => 'testinguser'
+ assert_redirected_to :protocol => 'https://'
+ end
+
+ should 'accept ajax connections to new action without ssl' do
+ @request.expects(:ssl?).returns(false).at_least_once
+ xml_http_request :get, :new, :profile => 'testinguser'
+ assert_response :success
+ end
+
+ should 'not accept non-ajax connections to new action without ssl' do
+ @request.expects(:ssl?).returns(false).at_least_once
+ get :new, :profile => 'testinguser'
+ assert_redirected_to :protocol => 'https://'
+ end
+
 end
--
libgit2 0.21.2
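Review bot: The `check_ssl` override in app/controllers/my_profile/cms_controller.rb exempts every request to `new` that reports itself as XHR, and `request.xhr?` reflects a header the client chooses, so the exemption is wider than the button-rendering GET the comment describes. If `new` also receives the form submission (not visible in this hunk), that POST and the session cookie sent with it could travel over plain HTTP. Limiting the exemption to GET narrows it and also simplifies the condition: `check_ssl_orig unless params[:action] == 'new' && request.xhr? && request.get?`. The leftover `#raise 'bli'` debug comment should be dropped. The class body continues outside the hunk, so the original `check_ssl` being aliased is not visible here.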
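Review bot: The tests added in test/functional/cms_controller_test.rb do not pin the boundary of the SSL exemption: nothing asserts that an XHR request to an action other than `new` is still redirected to https. A test mirroring the three added ones would keep a later edit to `check_ssl` from silently widening the plain-HTTP path. An XHR POST to `new` deserves the same treatment once its intended behaviour is decided. The test class begins outside the hunk.

```ruby
should 'require ssl for ajax connections to other actions' do
  @request.expects(:ssl?).returns(false).at_least_once
  xml_http_request :get, :index, :profile => 'testinguser'
  assert_redirected_to :protocol => 'https://'
end
```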