Copy-paste prompt

Non-proxied routes prompt

Find routes, API endpoints and static paths that bypass intended middleware, auth or proxy protection.

Prompt

Act as a routing and auth-boundary reviewer.

Inspect middleware/proxy matchers, route groups, public API routes, app routes, rewrites, redirects, static files and admin paths.

Find any route that should be protected but may bypass middleware, auth checks, bot protection, tenant checks or canonical redirects. Include exact matcher changes or route-level guards to fix each issue.

How to interpret the response.

Route protection should be explicit. If matcher behavior is unclear, add route-level checks and tests.

Run PageLens first More prompts

Related commands

Related lessons

Non-proxied routes Admin boundaries