fix(auth): 補 StartSession middleware 給 OAuth routes #24
Reference in New Issue
Block a user
Delete Branch "security/auth-p2-lockout-oauth-state"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
api.php 的 route 預設無 session middleware,
移除 stateless() 後 session() 呼叫直接 500。
只對 /auth/google/* 兩個 route 加 StartSession,不影響其他 API endpoint。
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com