* Remove the signup page and all remnants of it.

add access-control-allow-origin to all static resources (excluding views), to allow fonts to be requested cross domain.  fixes a regression introduced during the merge of router, for issue #1973

rename the 'add email' email we send out to 'confirm', and use it in both the email addition case, and the email reverification case.  This is more about semantics than behavior change

issue #1793

(cache unit tests, issue #1353) check for proper X-Frame-Options headers on initial request as well as 304 response

Adding unit test to demonstrate x-frame-options value for iframed and non-iframed content, after a 304

update cache header tests because etagify lazy calculates content hashes for etag headers, see comment in commit contents

update cache header tests because etagify lazy calculates content hashes for etag headers, see comment in commit contents

* Add a new view, cookies_disabled - this is displayed to browsers that do not allow access to localStorage when cookies are disabled (Firefox, Chrome, Fennec)
* Add localStorage check in include.js to check for browsers that do not allow write access to localStorage.
* Add a Javascript cookie check in network.js->cookiesEnabled using a test cookie with duration of 1 second so it is never sent to the server.
* Remove the old cookies_enabled check that was theorized to come from session_context - remove this from the XHR mock as well.

issue #835

serve all views with cache headers requiring revalidation, varying by accept-locale, and *only* with an ETag but not last-modified (the two don't mix well, see rfc2616.  issue #620