The SSB network is full of discussion about the SSB network, which isn't
very accessible for the majority of people. SSB developers use SSB to
talk about SSB, a practice often called "eating your own dog food",
which exacerbates the problem.
This commit filters the "dogfood" from the public thread and comment
views, which can be avoided by appending `/dogfood` to the URL.
- http://localhost:3000/public/threads/dogfood
- http://localhost:3000/public/comments/dogfood
This is a hack, and should be resolved with sorting and filters and all
sorts of fancy options for each list of messages, but I want to start
experimenting with this view (and talking to people who aren't talking
about SSB).
Serving HTML under the same domain is dangerous, because it means that a
malicious user could serve JavaScript that could act on other pages on
the domain. This could allow a malicious user to read or publish
information from a blob URL.
This commit stops that behavior by delegating blobs to their own blob
subdomain and adding HTTP headers for security so that they can't access
the application.
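
The origin split described in the second message, as an added example that is not code from this commit or the project. The hostnames, the `/blob/` path prefix and the specific header set are assumptions; the commit text does not name them.

```javascript
// Assumed names (not from the commit): both hosts, the /blob/ prefix, header choices.
const APP_HOST = 'localhost:3000';
const BLOB_HOST = 'blob.localhost:3000';

// Sent with every blob response. "sandbox" with no allow-* tokens gives the
// document an opaque origin and disables scripts, so a blob that a browser
// renders as HTML cannot script the application or reuse its origin.
const BLOB_HEADERS = Object.freeze({
  'Content-Security-Policy': "sandbox; default-src 'none'",
  'X-Content-Type-Options': 'nosniff', // no MIME sniffing into HTML/JS
});

// Decide status and headers from the Host header and the path alone.
function route(host, path) {
  const h = String(host || '').toLowerCase();
  const isBlobPath = String(path).startsWith('/blob/');

  if (h === BLOB_HOST) {
    // The blob origin serves blobs and nothing else.
    return isBlobPath
      ? { status: 200, headers: { ...BLOB_HEADERS } }
      : { status: 404, headers: {} };
  }
  if (h === APP_HOST) {
    // The application origin never returns user-supplied bytes.
    return isBlobPath
      ? { status: 404, headers: {} }
      : { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' } };
  }
  // Unknown Host header: reject rather than guess which origin was meant.
  return { status: 400, headers: {} };
}

// Constructed sample requests, printed as "host path status".
for (const [host, path] of [
  [APP_HOST, '/public/threads'],
  [APP_HOST, '/blob/abc'],
  [BLOB_HOST, '/blob/abc'],
  [BLOB_HOST, '/public/threads'],
  ['other.example', '/'],
]) {
  console.log(host, path, route(host, path).status);
}
```

The 404 for blob paths on the application host is what enforces the separation; the headers only limit what a blob can do on its own origin.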