1252f7bd35
Two issues caught in the real-client smoke: 1) BestHTTP's SocketOptions.AdditionalQueryParams puts BattleId and viewerId on HTTP request HEADERS for WebSocket-only transport (NOT on the URL query string as the in-battle/transport.md spec says). Real clients therefore send them as headers; our handler was reading from query and rejecting every connect with "Unknown battle/viewer pair: <bid>/<garbage>". Fix: header-first, query- fallback (so the integration test still works against TestServer). 2) The Steam auth handler was running on every WS upgrade and throwing NotSupportedException on Request.Body.Seek (Kestrel's HttpRequestStream doesn't support Seek, and a WS upgrade is GET with Content-Length: 0 anyway). It flooded logs and added no value — the battle node has its own per-connection credentials. Skip auth when IsWebSocketRequest is true. Spec correction for in-battle/transport.md to follow. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>