mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 10:16:49 +00:00
The auth check endpoint always returned authRequired=false when auth was disabled, even for remote clients. This caused the UI to render the dashboard directly, where all data API calls return 403 silently. Now detects remote access via isLoopbackRemoteAddress and sets effectiveAuthRequired=true, so the UI properly redirects to the login page. Also fixes misleading catch handler comment in auth-context.