Set more generous timeouts. Why not? I am feeling generous.

cmd/start.go

@@ -55,22 +55,22 @@ var startCmd = &cobra.Command{
 			// Define minimal defaults - GET method is required
 			AllowedMethods: []string{"GET"},
 		}
-		
+
 		// Create empty CSRF configuration with default values
 		var csrfConfig middleware.CSRFConfig
-		
+
 		// Get and validate CSRF secret from config
 		csrfSecret := viper.GetString("csrf-secret")
 		csrfKey, err := middleware.ParseCSRFKey(csrfSecret)
 		if err != nil {
-			logger.Error("invalid csrf-secret", 
+			logger.Error("invalid csrf-secret",
 				slog.String("error", err.Error()),
 				slog.String("hint", "must be exactly 32 bytes and persist across restarts"))
 			return
 		}
-		
+
 		csrfConfig.Secret = csrfKey
-		
+
 		// Only override specific settings when needed
 		if env == "development" {
 			// In development, cookies often need to work without HTTPS
@@ -95,9 +95,9 @@ var startCmd = &cobra.Command{
 		server := http.Server{
 			Addr:           ":" + port,
 			Handler:        stack(httpRequestRouter),
-			ReadTimeout:    2 * time.Second,
-			WriteTimeout:   4 * time.Second,
-			IdleTimeout:    8 * time.Second,
+			ReadTimeout:    4 * time.Second,
+			WriteTimeout:   8 * time.Second,
+			IdleTimeout:    16 * time.Second,
 			MaxHeaderBytes: 1024 * 1024,                                         // 1MB
 			BaseContext:    func(_ net.Listener) context.Context { return ctx }, // Pass base context to all requests
 		}
@@ -138,4 +138,4 @@ func init() {
 
 	// Add the command to the root command
 	rootCmd.AddCommand(startCmd)
-}
+}