- Fix etag attaching (add_etag is actually a coroutine which hashes
the data payload)
- Add expires header (with now + 1800s default) so that we don’t
get hit with an avatar request on each load -- also helps with
page responsiveness.
- Proper handling for HEAD requests.
- CSP to prevent funny SVG attacks.
If a session cookie is set, but prosody doesn’t know about the
session anymore, we could get into fun states. This patch fixes
them by requiring the session to be tested with a ping request
on each HTTP request.
- Create a colour palette
- Create a sizing schema for paddings and fonts
- Implement basic form controls
- Create a theme demo page
- Apply the theme to the existing pages.
Still TODO is the final font selection.
