When a session times out or user accesses pages with wrong role,
redirect to login instead of showing error page.
Changes:
- Extend exception handler to redirect on 403 errors with auth codes
- Add tests for HTML page auth redirect behavior
Error codes that trigger redirect:
- ADMIN_REQUIRED, INSUFFICIENT_PERMISSIONS, USER_NOT_ACTIVE
- VENDOR_ACCESS_DENIED, UNAUTHORIZED_VENDOR_ACCESS
- VENDOR_OWNER_ONLY, INSUFFICIENT_VENDOR_PERMISSIONS
- CUSTOMER_NOT_AUTHORIZED
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove |safe from |tojson in HTML attributes (x-data) - quotes must
become " for browsers to parse correctly
- Update LANG-002 and LANG-003 architecture rules to document correct
|tojson usage patterns:
- HTML attributes: |tojson (no |safe)
- Script blocks: |tojson|safe
- Fix validator to warn when |tojson|safe is used in x-data (breaks
HTML attribute parsing)
- Improve code quality across services, APIs, and tests
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix middleware fixtures: vendor_code instead of code, add owner_user_id to company
- Fix performance tests: MarketplaceProduct uses translations for title/description
- Fix security tests: use correct API endpoints (/api/v1/admin/*, /api/v1/vendor/*)
- Fix workflow tests: use actual admin API endpoints
- Fix background task tests: remove invalid vendor_name field, add language
Note: Many middleware integration tests still fail due to dynamic routes
being caught by the /{slug} catch-all route. These tests need further
refactoring to use /api/* prefixed routes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
