vary session cookie name by public_url when public_url is not browserid.org - this addresses issues which affect testing with IE when cookies are set for both, diresworb.org and dev.diresworb.org.  closes #296.

don't require the user to sign in with a password as a side effect of using a primary email address.  closes #1049

update wsapi to return a body of 'Bad Request: no cookie' when a CSRF check fails because no cookie was sent from the client - issue #835, issue #1056

fix char munging when postprocess is in play serving large files where unicode chars fall on chunk boundaries.  closes #1057

The change to the new config busted the way include.js was served.  Instead of checking which env is being used, check whether the user wants to use minified resources.  If they do, serve up the compressed include.js, if not, serve up the debug version.

close #1027
close #1035

This reverts commit 8ce33a52.

fix dbwriter crash on stage_email call.  move 'langContext' geration into a central location.  closes #936

serve all views with cache headers requiring revalidation, varying by accept-locale, and *only* with an ETag but not last-modified (the two don't mix well, see rfc2616.  issue #620

remove check that prevents running with fake verification in production.  This will allow us to run stage with minified resources and fake verification always enabled so we can loadgen and QA at will.  closes #939 from my side

* include.js points to include_js/include.js or production/include.js depending on environment.
* Added tests checking for correct responses to 'include.js' and 'include.orig.js'.
* Added missing tests for correct response for '/test' and '/test/'
* Remove the symlink to include.js
* Remove symlink update in compress.sh

issue #921

add Vary headers to help downstream caching proxies optimize caching of static resources - closes #938

strargs is now 'format'.

For string interpolation, use %s instead of %1. %(name)s is also supported.

* include.js pointed to the production resource.
* use_minified_version was incorrectly set to true.

cache busting: add 'enable_code_version' configuration - when true return 'code_version' in session_context - also /production/XXX_vYYY.{js,css} calls now map back to /production/XXX.{js,css} - issue #226