-
Mahmoud Aglan authored
All auth controllers were always returning JSON responses via the ApiResponse trait, even for standard HTML form submissions. Browser forms don't set Accept: application/json, so they received raw JSON text instead of proper redirects/error displays. Now all controllers check expectsJson() to serve both web and API clients correctly. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
b1a00cdb