Claude VM
d65cfd86df
MapLibre fetches the style URL from the browser as a `style:` source. For raster/style fetches it doesn't always carry the session cookie (varies by browser + request mode + cross-origin policy), so the middleware was hitting it with 401 "Authentication required" and the liberty basemap silently failed to load — back to the empty cream sheet we just fixed yesterday. The /api/basemap-style/[id] proxy returns a publicly-cached OpenFreeMap style with no user data — no reason to keep it behind auth. Adding it to the matcher's bypass list lets the browser fetch it cookie-less and the basemap renders correctly for everyone. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>