94:6a0b2fa39927
Anton Shestakov <av6@dwimlabs.net>, Mon, 27 Jun 2016 18:13:01 +0800
provision: add more security-related headers to nginx config

next change 112:7eb57ee301b5
previous change 92:01512d738a37

README.rst

Permissions: -rw-r--r--

Other formats: Feeds:
|BuildStatus|_
.. |BuildStatus| image:: https://drone.io/bitbucket.org/av6/fruitbar/status.png
.. _BuildStatus: https://drone.io/bitbucket.org/av6/fruitbar/latest
Overview
========
Just another todo app. Well, maybe not quite, because it can track projects,
tasks and notes for tasks in multiple different workspaces. It looks nice
because it's built with Bootstrap and is, to some extent, elegant code-wise
because it was built with Backbone, Flask and CodernityDB.
Reason of Existence
===================
This is my way to try out some new technologies in a project slightly more
sophisticated than Hello World. Currently these technologies are:
- Flask
- CodernityDB
Also, maintaining this project is an interesting experience in itself.
Try It Out
==========
You can try the app live at https://fruitbar.dwimlabs.net/.
May want to read the next section for details on security though.
Security and Privacy
====================
If you have tried Fruitbar via the link above or have read the source code, you
may now be wondering, "isn't not having passwords a bit insecure?" And the
answer is no. As in "no, it's a **whole lot** insecure to not have passwords."
But this is a research project and it isn't pretending to be secure. Keep in
mind that everything you put in it **everyone else may read or edit**, if they
have (or can guess) the workspace link.
What's New
==========
0.4.1 (2016-05-26)
------------------
- Provisioning improvements (HPKP, gzip for static files)
- Up-to-date jQuery, Backbone, Flask-Assets, Flask-RESTful, jsmin
- Subresource Integrity (SRI) hashes for files loaded from CDNs
0.4.0 (2016-02-05)
------------------
- Update to Bootstrap 3
- Get dependencies via HTTPS only
- Demo instance now uses HTTPS
- Basic provisioning with Ansible
0.3.1 (2015-07-05)
------------------
- Preserve line breaks and white space in task notes
- Up-to-date jQuery, Backbone, Flask-RESTful
0.3.0 (2015-04-05)
------------------
- Remember accessed workspaces in localStorage
- Deploy with ``DEBUG = False`` by default
- Up-to-date jQuery, Underscore, Backbone, Flask-Assets, Flask-RESTful, jsmin
0.2.3 (2013-11-08)
------------------
- Up-to-date CodernityDB, Flask, Flask-RESTful, jsmin, jQuery, Underscore, Backbone
- New url for trying out
- Security notice in docs
0.2.2 (2013-01-11)
------------------
- Fetching tasks and projects combined in a single request
0.2.1 (2013-01-11)
------------------
- Tests
0.2.0 (2013-01-09)
------------------
- Separate workspaces
- Transition effect
0.1.0 (2012-12-26)
------------------
- Projects, tasks and task notes