- I created a backend workflow that is exposed called
validate-token. - Tested, it worked.
- I then created a custom event with the same name.
- It stopped working (404)
- change name of custom event, it works.
- make them the same, it stops working
This smells like the type of bug that can be exploited. Why would a custom event – an internal function – affect an external endpoint?