From f01ec2f9a504cd6f3740cc12da665e15962c5afd Mon Sep 17 00:00:00 2001
From: Samuel Stancl <samuel@archte.ch>
Date: Mon, 11 May 2026 16:37:51 +0200
Subject: [PATCH] add comment documenting the fallthrough explicitly

---
 src/Middleware/PreventAccessFromUnwantedDomains.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Middleware/PreventAccessFromUnwantedDomains.php b/src/Middleware/PreventAccessFromUnwantedDomains.php
index 01bfe392..7f628583 100644
--- a/src/Middleware/PreventAccessFromUnwantedDomains.php
+++ b/src/Middleware/PreventAccessFromUnwantedDomains.php
@@ -35,6 +35,8 @@ class PreventAccessFromUnwantedDomains
             return $next($request);
         }
 
+        // If the route is universal, neither of these checks will pass and the logic will
+        // fall through to the $next($request) call at the end.
         if ($this->accessingTenantRouteFromCentralDomain($request, $route) || $this->accessingCentralRouteFromTenantDomain($request, $route)) {
             $abortRequest = static::$abortRequest ?? function () {
                 abort(404);