
Security Hardening Pass #35

@charlieroth

Description


Why

Reduce risk from common web threats and protect user data.

Definition of Done

  • All routes validate inputs and enforce size limits.
  • Authentication cookies use secure flags where applicable.
  • Response headers set strict transport security, content type options, frame options, and cross origin policies.
  • Logging excludes secrets and personal data.
  • Dependency audit produces zero high-severity findings.

Tasks

  • Add request body limits and uniform input validation.
  • Configure secure cookies and a same-site policy for the web client.
  • Set default security headers in middleware.
  • Scrub sensitive fields from all logs.
  • Run dependency audit and fix or deny vulnerable crates.
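As an added example (not code from this issue or its repository), a dependency-free Rust checker for the response-header and cookie items in the Definition of Done and Tasks above: it audits one response's headers against a baseline and flags any Set-Cookie line missing Secure, HttpOnly or SameSite. The baseline header values, the cookie name and the sample responses are constructed assumptions, not the project's configuration.

```rust
use std::collections::HashMap;

/// Baseline headers every response must carry (assumed values for this example).
const REQUIRED_HEADERS: [(&str, &str); 5] = [
    ("strict-transport-security", "max-age=31536000; includeSubDomains"),
    ("x-content-type-options", "nosniff"),
    ("x-frame-options", "DENY"),
    ("cross-origin-opener-policy", "same-origin"),
    ("cross-origin-resource-policy", "same-origin"),
];

/// Attributes an authentication cookie must carry (compared case-insensitively).
const REQUIRED_COOKIE_ATTRS: [&str; 3] = ["secure", "httponly", "samesite"];

/// Audit one response's headers; returns a list of findings, empty when it passes.
pub fn audit_response(headers: &[(&str, &str)]) -> Vec<String> {
    let mut findings = Vec::new();
    // Header names are case-insensitive, so index them in lower case.
    let map: HashMap<String, &str> = headers
        .iter()
        .map(|(k, v)| (k.to_ascii_lowercase(), *v))
        .collect();
    for (name, expected) in REQUIRED_HEADERS {
        match map.get(name) {
            None => findings.push(format!("missing header {name}")),
            Some(v) if !v.eq_ignore_ascii_case(expected) => {
                findings.push(format!("weak {name}: {v}"))
            }
            _ => {}
        }
    }
    // Check every Set-Cookie line separately; a response may set several cookies.
    for (_, v) in headers.iter().filter(|(k, _)| k.eq_ignore_ascii_case("set-cookie")) {
        let cookie_name = v.split('=').next().unwrap_or("").trim();
        // Attribute names follow the first ';' and may carry a value (SameSite=Lax).
        let attrs: Vec<String> = v
            .split(';')
            .skip(1)
            .map(|a| a.trim().split('=').next().unwrap_or("").to_ascii_lowercase())
            .collect();
        for required in REQUIRED_COOKIE_ATTRS {
            if !attrs.iter().any(|a| a.as_str() == required) {
                findings.push(format!("cookie {cookie_name} lacks {required}"));
            }
        }
    }
    findings
}
```

Run it against captured responses from each route as a gate for the "secure flags" and "response headers" items; a non-empty result is the list of what still needs fixing.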

Metadata

Labels

enhancement (New feature or request)
