**Description:** Fix current misconfigurations of CORS, secure headers, and ensure the API is safe against common web vulnerabilities.

**Checklist:**

- [ ] Proper `Access-Control-Allow-*` settings
- [ ] CSRF protection (if applicable)
- [ ] Set security headers (CSP, XSS protection, etc.)
- [ ] Input sanitization / validation
- [ ] Penetration / vulnerability testing

**Labels:** `backend` `bug` `security`