From 67421a4c0c8d198aaa6d00d57524d6725cadbb95 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sat, 25 Apr 2026 01:22:33 +0200
Subject: [PATCH] docs(richtlinien): document why prerender=true is auth-safe

handleAuth in hooks.server.ts is in the sequence() chain and redirects
unauthenticated users at runtime regardless of prerender. Adding a comment
so the next reader doesn't mistake this for a security hole. (Markus/Nora)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 frontend/src/routes/hilfe/transkription/+page.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/frontend/src/routes/hilfe/transkription/+page.ts b/frontend/src/routes/hilfe/transkription/+page.ts
index 189f71e2..3bead06e 100644
--- a/frontend/src/routes/hilfe/transkription/+page.ts
+++ b/frontend/src/routes/hilfe/transkription/+page.ts
@@ -1 +1,6 @@
+// prerender = true is safe here: hooks.server.ts exports
+//   handle = sequence(userGroup, handleAuth, ...)
+// where handleAuth redirects all non-public paths to /login at runtime.
+// Prerendered HTML is served, but the browser still hits handleAuth on
+// every navigation — unauthenticated users are redirected before seeing content.
 export const prerender = true;