We really should not be storing bot API keys in the DOM and should
require some sort of additional authentication before showing them,
but this seems reasonable for a first pass.
(imported from commit c7d75aa52e21894bf53917457e771c18de38bbcc)
We will minify our code, rather than trying to restrict who can see the
un-minified code. Removing access control first simplifies things.
Manual deployment steps:
scp servers/puppet/files/nginx/humbug-include/app root@staging.humbughq.com:/etc/nginx/humbug-include/
ssh root@staging.humbughq.com service nginx reload
and then the same for app.humbughq.com once deployed to prod.
(imported from commit 63788aa3fa7ba5fd97fcf85b05760abb5e7cae4b)
The key property is that we never reveal the non-public directory name
4nrjx8cwce2bka8r to a not-logged-in user. This makes it less likely that
random people from the Internet will download all our client code while we're
still in private beta.
(imported from commit 7428e847e0a1a34152cb6dc2b677c1b47290c202)
Zev Benjamin
Keegan McAllister