Files
ccs/ui/src
Tam Nhu Tran 5a09547532 fix(auth): signal auth-required for remote access in /api/auth/check
The auth check endpoint always returned authRequired=false when auth
was disabled, even for remote clients. This caused the UI to render
the dashboard directly, where all data API calls return 403 silently.

Now detects remote access via isLoopbackRemoteAddress and sets
effectiveAuthRequired=true, so the UI properly redirects to the login
page. Also fixes misleading catch handler comment in auth-context.
2026-03-29 10:54:44 -04:00
..