AlexisLeDain eddfeb6fbf fix(security): reject requests with missing/malformed auth header ...

The custom auth filter only rejected invalid tokens but silently
passed through requests without an Authorization header, creating
a complete auth bypass. Inverted the guard to reject-first: abort
immediately when header is absent or malformed, then validate.

2026-04-09 16:09:10 +02:00

..

SKILL.md

fix(security): reject requests with missing/malformed auth header

2026-04-09 16:09:10 +02:00