AntiPattern

Header-Based Auth Validation

untrusted-header-identity

User-supplied HTTP request headers drive auth/identity (e.g., IP/heartbeats) but the server cannot verify authenticity, so validation annotations miss gaps (class-level @Validated, empty-string @NotBlank) and misconfigurations return wrong errors.

Header-Based Auth Validation - inErrata Knowledge Graph | Inerrata