• Stars
    star
    354
  • Rank 120,042 (Top 3 %)
  • Language
    Python
  • License
    Other
  • Created over 9 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Technical details that a programmer of a web application should consider before making the site public.

Webapp Checklist

FOSSA Status

Technical details that a programmer of a web application should consider before making the site public.

The idea here is that most of us should already know most of what is on this list. But there just might be one or two items you haven't really looked into before, don't fully understand, or maybe never even heard of.

Interface and User Experience

  • Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers. At a minimum test against a recent Gecko engine (Firefox), a WebKit engine (Safari and some mobile browsers), Chrome, your supported IE browsers (take advantage of the Application Compatibility VPC Images), and Opera. Also consider how browsers render your site in different operating systems.
  • Consider how people might use the site other than from the major browsers: cell phones, screen readers and search engines, for example. β€” Some accessibility info: WAI and Section508, Mobile development: MobiForge.
  • Staging: How to deploy updates without affecting your users. Have one or more test or staging environments available to implement changes to architecture, code or sweeping content and ensure that they can be deployed in a controlled way without breaking anything. Have an automated way of then deploying approved changes to the live site. This is most effectively implemented in conjunction with the use of a version control system (CVS, Subversion, etc.) and an automated build mechanism (Ant, NAnt, etc.).
  • Don't display unfriendly errors directly to the user.
  • Don't put users' email addresses in plain text as they will get spammed to death.
  • Add the attribute rel="nofollow" to user-generated links to avoid spam.
  • Build well-considered limits into your site - This also belongs under Security.
  • Learn how to do progressive enhancement.
  • Redirect after a POST if that POST was successful, to prevent a refresh from submitting again.
  • Don't forget to take accessibility into account. It's always a good idea and in certain circumstances it's a legal requirement. WAI-ARIA and WCAG 2 are good resources in this area.
  • Don't make me think

Security

Performance

  • Implement caching if necessary, understand and use HTTP caching properly as well as HTML5 Manifest.
  • Optimize images - don't use a 20 KB image for a repeating background.
  • Learn how to gzip/deflate content (deflate is better).
  • Combine/concatenate multiple stylesheets or multiple script files to reduce number of browser connections and improve gzip ability to compress duplications between files.
  • Take a look at the Yahoo Exceptional Performance site, lots of great guidelines, including improving front-end performance and their YSlow tool (requires Firefox, Safari, Chrome or Opera). Also, Google page speed (use with browser extension) is another tool for performance profiling, and it optimizes your images too.
  • Use CSS Image Sprites for small related images like toolbars (see the "minimize HTTP requests" point)
  • Busy web sites should consider splitting components across domains. Specifically...
  • Static content (i.e. images, CSS, JavaScript, and generally content that doesn't need access to cookies) should go in a separate domain that does not use cookies, because all cookies for a domain and its subdomains are sent with every request to the domain and its subdomains. One good option here is to use a Content Delivery Network (CDN), but consider the case where that CDN may fail by including alternative CDNs, or local copies that can be served instead.
  • Minimize the total number of HTTP requests required for a browser to render the page.
  • Utilize Google Closure Compiler for JavaScript and other minification tools.
  • Make sure there’s a favicon.ico file in the root of the site, i.e. /favicon.ico. Browsers will automatically request it, even if the icon isn’t mentioned in the HTML at all. If you don’t have a /favicon.ico, this will result in a lot of 404s, draining your server’s bandwidth.

SEO (Search Engine Optimization)

  • Use "search engine friendly" URLs, i.e. use example.com/pages/45-article-title instead of example.com/index.php?page=45
  • When using # for dynamic content change the # to #! and then on the server $_REQUEST["_escaped_fragment_"] is what googlebot uses instead of #!. In other words, ./#!page=1 becomes ./?_escaped_fragments_=page=1. Also, for users that may be using FF.b4 or Chromium, history.pushState({"foo":"bar"}, "About", "./?page=1"); Is a great command. So even though the address bar has changed the page does not reload. This allows you to use ? instead of #! to keep dynamic content and also tell the server when you email the link that we are after this page, and the AJAX does not need to make another extra request.
  • Don't use links that say "click here". You're wasting an SEO opportunity and it makes things harder for people with screen readers.
  • Have an XML sitemap, preferably in the default location /sitemap.xml.
  • Use <link rel="canonical" ... /> when you have multiple URLs that point to the same content, this issue can also be addressed from Google Webmaster Tools.
  • Use Google Webmaster Tools and Bing Webmaster Tools.
  • Install Google Analytics right at the start (or an open source analysis tool like Piwik).
  • Know how robots.txt and search engine spiders work.
  • Redirect requests (using 301 Moved Permanently) asking for www.example.com to example.com (or the other way round) to prevent splitting the google ranking between both sites.
  • Know that there can be badly-behaved spiders out there.
  • If you have non-text content look into Google's sitemap extensions for video etc. There is some good information about this in Tim Farley's answer.

Technology

  • Understand HTTP and things like GET, POST, sessions, cookies, and what it means to be "stateless".
  • Write your XHTML/HTML and CSS according to the W3C specifications and make sure they validate. The goal here is to avoid browser quirks modes and as a bonus make it much easier to work with non-traditional browsers like screen readers and mobile devices.
  • Understand how JavaScript is processed in the browser.
  • Understand how JavaScript, style sheets, and other resources used by your page are loaded and consider their impact on perceived performance. It is now widely regarded as appropriate to move scripts to the bottom of your pages with exceptions typically being things like analytics apps or HTML5 shims.
  • Understand how the JavaScript sandbox works, especially if you intend to use iframes.
  • Be aware that JavaScript can and will be disabled, and that AJAX is therefore an extension, not a baseline. Even if most normal users leave it on now, remember that NoScript is becoming more popular, mobile devices may not work as expected, and Google won't run most of your JavaScript when indexing the site.
  • Learn the difference between 301 and 302 redirects (this is also an SEO issue).
  • Learn as much as you possibly can about your deployment platform.
  • Consider using a Reset Style Sheet or normalize.css.
  • Consider JavaScript frameworks (such as jQuery, MooTools, Prototype, Dojo or YUI 3), which will hide a lot of the browser differences when using JavaScript for DOM manipulation.
  • Taking perceived performance and JS frameworks together, consider using a service such as the Google Libraries API to load frameworks so that a browser can use a copy of the framework it has already cached rather than downloading a duplicate copy from your site.
  • Don't reinvent the wheel. Before doing ANYTHING search for a component or example on how to do it. There is a 99% chance that someone has done it and released an OSS version of the code.
  • On the flipside of that, don't start with 20 libraries before you've even decided what your needs are. Particularly on the client-side web where it's almost always ultimately more important to keep things lightweight, fast, and flexible.

Bug fixing

  • Understand you'll spend 20% of your time coding and 80% of it maintaining, so code accordingly.
  • Set up a good error reporting solution.
  • Have a system for people to contact you with suggestions and criticisms.
  • Document how the application works for future support staff and people performing maintenance.
  • Make frequent backups! (And make sure those backups are functional) Have a restore strategy, not just a backup strategy.
  • Use a version control system to store your files, such as Subversion, Mercurial or Git.
  • Don't forget to do your Acceptance Testing. Frameworks like Selenium can help. Especially if you fully automate your testing, perhaps by using a Continuous Integration tool, such as Jenkins or Drone.
  • Make sure you have sufficient logging in place using frameworks such as log4j, log4net or log4r. If something goes wrong on your live site, you'll need a way of finding out what.
  • When logging make sure you capture both handled exceptions, and unhandled exceptions. Report/analyse the log output, as it'll show you where the key issues are in your site.

Other

  • Implement both server-side and client-side monitoring and analytics (one should be proactive rather than reactive).
  • Use services like UserVoice and Intercom (or any other similar tools) to constantly keep in touch with your users.
  • Follow Vincent Driessen's Git branching model

Disclaimer

This was originally a question asked on Programmers-StackExchange by Joel Coehoorn and has since been answered and maintained as community wiki.

There are three reasons why I am making a GitHub repo:

  1. Collaborative editing is much more powerful on GitHub.
  2. People can fork this repo and make customizations that might not apply to everyone else.
  3. We can have translations of the answer in many languages. Not everyone is good with English.

Question

What things should a programmer implementing the technical details of a web application consider before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well?

I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports).

Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web.

Also, I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification.

License

FOSSA Status

More Repositories

1

awesome-programmer

A collection of resources to learn from and become a self-taught awesome programmer.
92
star
2

octodex

GitHub's Octocats.
79
star
3

DSBarChart

A simple Objective-C Bar Chart / Histogram library for iOS / macOS applications.
Objective-C
38
star
4

email-template-generator

Email Template Generator. Generate responsive, maintainable & unified templates for Sendgrid, Mandrill, etc. Using SASS, Pug and common layout.
CSS
28
star
5

garuda

Automagically Exposing Django ORM over gRPC for microservices written in any other languages
Python
21
star
6

orm-choices

Helpful decorators + utils for choice fields (Django choices or SQLAlchemy ChoiceType). Do choices the pythonic way.
Python
13
star
7

hostscli

hostscli - A CLI tool to block / unblock websites using /etc/hosts. Super simple and easily extendable. Also block Ads, Tracking & Malware sites.
Python
12
star
8

best-practices

A collection of best practices that we have learnt so far
12
star
9

dhilipsiva.com

Source code of my personal website and blog.
HTML
10
star
10

style.js

A layman's tool to style HTML Elements and share CSS values
HTML
7
star
11

ircman

IRC Manager (ircman) - IRC sucks. Lets fix it. Deprecated.
Python
5
star
12

pwdman

An offline CLI-based strong Password Generator / Manager. Built by developers for developers
Python
4
star
13

watchmen

Fabric Script to install Graphite, StatsD, Sentry & Sherlog.js
Python
4
star
14

ircman-web

This is the front end code for IRC Manager (ircman)
CSS
4
star
15

scrum

A scrum CLI tool & Python wrapper to manage Issues, Labels & Milestones in multiple repositories on GitHub
Python
4
star
16

talks

Notes for Workshops / Talks / Presentations / Demos that I give at various events. I have no idea what I am talking about 😜
Python
4
star
17

kidosheets

Math and other worksheets for kids. Excel worksheets for kids to teach them math and other things. Generated with Python.
Python
3
star
18

django-shorturl

A very simple URL Shortener Django app
Python
3
star
19

robotframework

My experiments with RobotFramework
RobotFramework
3
star
20

djocker

A Django + Docker Demo app for my talk at
Python
3
star
21

moback

A generic game / mobile backend in python
Python
3
star
22

snippets

A collection of miscellaneous code snippets.
Python
3
star
23

.files

My brand new .files (dotfiles).
Nushell
3
star
24

keka-attendance-regularize

Just a RobotFramework script to regularize attendance in Keka - The HR payroll Software
RobotFramework
3
star
25

blockchain

A simple Blockchain in Python implemented with asyncio
Python
2
star
26

learn-rust

Code that I wrote while learning Rust from the Rust Book
Rust
2
star
27

isRTL.coffee

A small JavaScript Library to detect RTL (Right-To-Left) text.
CoffeeScript
2
star
28

prana

Loosely translated Sanskrit word for 'Energy'. Just another interview challenge.
Python
2
star
29

ember-cli-piechart

A very simple Canvas based Ember CLI addon for creating pie charts
JavaScript
2
star
30

stackopenflow-api

StackOpenflow API (Python/Django backend) made for DjangoCon EU 2021
Python
2
star
31

dssudokusolver

DhilipSiva 's Sudoku Solver
HTML
2
star
32

dotfiles

DEPRECATED. My new .files has been moved to dhilipsiva/.files.
Shell
2
star
33

test

This is my playground. Noting to see here. Move on.
Python
2
star
34

teaclix

[DEPRECATED] TeaClix - Long ago me and my uncle thought about starting up. This is an attempt at building the product.
Ruby
1
star
35

DjConEU2021

Slides for my DjConEU2021 talk
1
star
36

new-horizon-devops-workshop

Python
1
star
37

stackopenflow-app

StackOpenflow App (React Frontend) made for DjangoCon EU 2021
JavaScript
1
star
38

dhilipsiva

My Profile readme
1
star
39

guinix

Rust
1
star
40

game-of-life

Conway's Game of Life
Rust
1
star
41

learn-elixir

Just a repo to track my elixir and ecosystem learning progress
Elixir
1
star
42

peg

My PEG Experiments (Parsing Expression Grammar)
Rust
1
star
43

open-source-paas

A Presentation on Intro & Comparison to Open Source PaaS Solutions (Deis / Dokku / Flynn).
CSS
1
star
44

mec-gems

Muthayammal Engineering College's GEMS Club inauguration slides
CSS
1
star
45

life

Some Goals of my life.
1
star
46

termask

TermAsk - A curses-based python library & terminal utility to ask questions and get answers in a wizardly fashion.
Python
1
star
47

orkut

My orkut profile
1
star