require valid OpenWebRX ticket for all authorize calls

test/auth-methods.integration.test.js

@@ -1671,6 +1671,9 @@ test("openwebrx session is owner-bound and release disables tx first", async (t)
   const authOk = await fetch(`${baseUrl}/v1/openwebrx/authorize?ticket=${encodeURIComponent(session.session.ticket)}`);
   assert.equal(authOk.status, 200);
 
+  const authWithoutTicket = await fetch(`${baseUrl}/v1/openwebrx/authorize`);
+  assert.equal(authWithoutTicket.status, 403);
+
   await requestJson(baseUrl, "/v1/openwebrx/tx/enable", {
     method: "POST",
     headers,