This checks the avatar size on the client side (if available) and
on the server side against a configuration-defined limit. The
default limit is set to use the same value as in the original
report, as no sensible limit value is known.
Fixes #67.
Previously, some kinds of errors would throw nice and fun cascades
of exceptions.
We now have a nice, clean error page for 500 and 503 (backend
connectivity) errors which includes minimal debugging information
for productive setups and a traceback for development setups.
In any case, the full exception is logged to the log with an error
ID which is printed on the error page.
snikket_web can now be fully configured via the environment alone,
no extra files needed. It is still supported to inject a Python
file to generate environment variables though, which may be
useful for generating and reloading a secret key.
- Avoid fighting import cycles using a factory function
- Collapse useless subpackages into simple modules
- Move flask plugins / infrastructure in own module
- Refactor how blueprints are used to localize information about
URL routing to app factory
- Fix etag attaching (add_etag is actually a coroutine which hashes
the data payload)
- Add expires header (with now + 1800s default) so that we don’t
get hit with an avatar request on each load -- also helps with
page responsiveness.
- Proper handling for HEAD requests.
- CSP to prevent funny SVG attacks.
If a session cookie is set, but prosody doesn’t know about the
session anymore, we could get into fun states. This patch fixes
them by requiring the session to be tested with a ping request
on each HTTP request.
- Create a colour palette
- Create a sizing schema for paddings and fonts
- Implement basic form controls
- Create a theme demo page
- Apply the theme to the existing pages.
Still TODO is the final font selection.