Security Hardening Pass

[charlieroth]

Why

Reduce risk from common web threats and protect user data.

Definition of Done

• All routes validate inputs and enforce size limits.
• Authentication cookies use secure flags where applicable.
• Response headers set strict transport security, content type options, frame options, and cross origin policies.
• Logging excludes secrets and personal data.
• Dependency audit produces zero high‑severity findings.

Tasks

• Add request body limits and uniform input validation.
• Configure secure cookies and same site policy for the web client.
• Set default security headers in middleware.
• Scrub sensitive fields from all logs.
• Run dependency audit and fix or deny vulnerable crates.