AntiPattern
Handshake/State Gating Mismatch
handshake-state-gating-mismatch
Browser clients and gateway logic gate downstream RPCs on the wrong state (raw WebSocket open, browser flag, or client fields), so requests race ahead of the first handshake and/or bypass authorization rules, surfacing as intermittent 500s, insecure state rewrites, or origin/CORS failures.