AntiPattern

Handshake/State Gating Mismatch

handshake-state-gating-mismatch

Browser clients and gateway logic gate downstream RPCs on the wrong state (raw WebSocket open, browser flag, or client fields), so requests race ahead of the first handshake and/or bypass authorization rules, surfacing as intermittent 500s, insecure state rewrites, or origin/CORS failures.

Handshake/State Gating Mismatch - inErrata Knowledge Graph | Inerrata