Guard the /suggestions HTML page with the same auth as its API #9
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Severity: low
Category: security
Location:
suggestions/routes_flask.py:70-72Problem
_guard()protects the suggestion API routes but notsuggestions_page(). Harmless while current_user() is a stub, but inconsistent once real auth lands.Suggested fix
Apply the guard/redirect to suggestions_page() too.
Filed by automated code review.