1f4e8a5958
Four new tests against the composed handle (with sequence stubbed to return the head function): backend 401 on a private path redirects to /login?reason=expired; backend 401 on /login does NOT redirect (no loop); missing fa_session passes through without a backend call; 200 attaches the user to event.locals. Closes the hook-coverage gap flagged by Sara S1. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
5.1 KiB
5.1 KiB