diff --git a/server/main.py b/server/main.py index db65b061..16a93989 100644 --- a/server/main.py +++ b/server/main.py @@ -400,9 +400,6 @@ class SecurityHeadersMiddleware: app.add_middleware(SecurityHeadersMiddleware) -# App auth: protect /app/ HTML pages behind refresh-cookie (before JWT/DB/CORS) -app.add_middleware(AppAuthMiddleware) - # F2a-10 / F2d-02: global JWT gate for all /api/* (inside DbSession — uses request.state.db) app.add_middleware(JwtAuthMiddleware)