✅ Secure Insecure Design Demo

This secure implementation demonstrates proper design where approval status is enforced server-side only. Clients cannot tamper with it.

🔍 How to Test:

  1. Submit any request description above.
  2. Observe that approved: false is always enforced by the server.
  3. Open DevTools → Network → Inspect the POST payload — it doesnot include any approval field.
  4. Server logic decides whether a request gets approved.