I think there’s a solid argument for global auth middleware, where this is a problem if you use the path for exceptions like health-checks or a login endpoint.