Security: Missing HTTP Security Headers

## Medium Security Issue

Missing security headers in HTTP responses.

**File:** src/config/settings.py (middleware/security settings)
**Severity:** MEDIUM
**Impact:** Vulnerable to common web attacks

### Issues Found:
1. No HTTPS enforcement
2. Missing security headers
3. No CSP (Content Security Policy)

### Suggested Fix
Add security middleware and headers:
```
# settings.py
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True

# Security middleware
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # ... other middleware
]

# CSP headers
CSP_DEFAULT_SRC = ("'self'",)
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Missing HTTP Security Headers #892

Medium Security Issue

Issues Found:

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Missing HTTP Security Headers #892

Description

Medium Security Issue

Issues Found:

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions