Feat(Security):

a. Update CORS settings
 b. Update session cookie settings
 c. Remove comments that expose project architecture (and that Claude made most of it :P)

config.py

@@ -40,7 +40,8 @@ class Config:
     # Auth0
     SESSION_COOKIE_SECURE = True
     SESSION_COOKIE_HTTPONLY = True
-    # SESSION_COOKIE_SAMESITE = 'Lax'
+    SESSION_COOKIE_SAMESITE = 'Strict'
+    REMEMBER_COOKIE_SECURE = True
     # PERMANENT_SESSION_LIFETIME = 3600
     WTF_CSRF_ENABLED = True
     # WTF_CSRF_CHECK_DEFAULT = False  # We'll check it manually for API routes
@@ -52,7 +53,7 @@ class Config:
     DOMAIN_AUTH0 = os.getenv('DOMAIN_AUTH0')
     ID_TOKEN_USER = 'user'
     # PostgreSQL
-    DB_NAME = os.getenv('partsltd')
+    DB_NAME = os.getenv('partsltd_prod')
     DB_USER = os.getenv('DB_USER')
     DB_PASSWORD = os.getenv('DB_PASSWORD')
     DB_HOST = os.getenv('DB_HOST')