# To-do * rate limiting to prevent abuse - especially on POST requests * consider removing `events` and `worldmap` modules * ask Denver about why so many license files # Done * ensure appropriate caching headers are used * remove `internalNavigate` * add tests for main pages returning 200 * move `SITE_FUNDGOAL` configuration to `settings.py` * move `sponsors.py` and `sponsors.html` into `supporters` app * use `` elements for supporter page hidden sections, rather than complex jQuery * remove jQuery * split the template/content files out from `conservancy/static` into their own `content` directory (avoid mixing static and non-static content) * remove `ForceCanonicalHostnameMiddleware` by ensuring canonical redirect and HTTPS redirect is done by Apache * standardise settings to replace `settings.py` and `djangocommonsettings.py` with `settings/prod.py` and move `SECRET_KEY` to an environment variable * migrate to Django 4.2 LTS * review `apache2` directory - may be unused * add deployment script that runs migrations and collects static files * switch `ParameterValidator` to use `SECRET_KEY` if possible to minimize non-standard settings * install staticfiles app