# To-do

* remove `ForceCanonicalHostnameMiddleware` by ensuring the canonical redirect and the HTTPS redirect are done by Apache
* serve a 400 in Apache for a hostname we don't explicitly support
* use `` elements for supporter page hidden sections, rather than complex jQuery - or consider Alpine.js
* replace `internalNavigate` with inline flexbox layout
* add tests for main pages returning 200
* standardise settings to replace `settings.py` and `djangocommonsettings.py` with `settings/prod.py` and move `SECRET_KEY` to an environment variable

# Done

* migrate to Django 4.2 LTS
* review `apache2` directory - may be unused
* add deployment script that runs migrations and collects static files
* switch `ParameterValidator` to use `SECRET_KEY` if possible to minimize non-standard settings
* install staticfiles app