fix: solve sidekiq allowed content

Author: Bulletdev

app/controllers/api/v1/images_controller.rb

@@ -15,7 +15,9 @@ module V1
     #   GET /api/v1/images/proxy?url=https://upload.wikimedia.org/...
     #   Headers: { Authorization: "Bearer <token>" }
     class ImagesController < BaseController
-      # SECURITY: Removed skip_before_action - authentication now required
+      # ALLOWED_DOMAINS + HTTPS-only + SSRF protection are sufficient guards;
+      # JWT auth is skipped because browsers cannot attach Authorization headers to <img> src requests.
+      skip_before_action :authenticate_request!, only: [:proxy]
 
       ALLOWED_DOMAINS = [
         'upload.wikimedia.org',