thread here on slack
ok Claude suggested changing
$authenticationService->setConfig([
'unauthenticatedRedirect' => [
'prefix' => false,
'plugin' => false,
'controller' => 'Users',
'action' => 'login',
],
'queryParam' => 'redirect',
]);
to
$authenticationService->setConfig([
'unauthenticatedRedirect' => '/users/login',
'queryParam' => 'redirect',
]);
and
'loginUrl' => Router::url([
'prefix' => false,
'plugin' => false,
'controller' => 'Users',
'action' => 'login',
]),
to
'loginUrl' => '/users/login',
which seems to have done the trick