Fix route authorization bypass vulnerability in HTTP handler

Fix route authorization bypass vulnerability in HTTP handler #51621