Not being able to see your own activity in the thread and comment pages
made me feel like a ghost. This change will probably make it slightly
harder to find new content but I think being able to see your own posts
is an important part of the community feedback loop.
This should probably be separated into a few commits, but honestly I'm
feeling a bit lazy and I don't think this will hurt anything.
The `<nav>` was getting pretty hectic so I've removed "readme" and
"likes". The readme is now in the "meta" page, previously called
"status", and the likes are now available on each author's profile.
The big change here is that the default view is now the thread view, not
the comment view, so by default you're only going to see new threads
rather than random comments. This makes the feed a bit slower and more
cohesive, so you aren't seeing random comments on posts from 2 years
ago.
To be decided: should the comments view show root posts from threads? Or
should it just show comments? Right now it's basically a firehose view,
but I'm not sure that "firehose" is very accessible language for most
people.
Serving HTML under the same domain is dangerous, because it means that a
malicious user could serve JavaScript that could act on other pages on
the domain. This could allow a malicious user to read or publish
information from a blob URL.
This commit stops that behavior by delegating blobs to their own blob
subdomain and adding HTTP headers for security so that they can't access
the application.