Independent consultant, developer, content creator, mentor with 10+ years experience in making things happen.
Check out my coding channel: https://www.youtube.com/@rytis-codes
My thoughts exactly on the security. Even though security through obscurity is not a good practice, if we return 401 for all unauthenticated requests, then we're hiding which routes exist if the user is not authenticated.
My thoughts exactly on the security. Even though security through obscurity is not a good practice, if we return 401 for all unauthenticated requests, then we're hiding which routes exist if the user is not authenticated.
Yeah on a security aspect it makes totally sense.