diff --git a/custom_components/bahmcloud_store/views.py b/custom_components/bahmcloud_store/views.py
index e0e1118..4011650 100644
--- a/custom_components/bahmcloud_store/views.py
+++ b/custom_components/bahmcloud_store/views.py
@@ -9,7 +9,7 @@ from aiohttp import web
 from homeassistant.components.http import HomeAssistantView
 
 if TYPE_CHECKING:
-    from .core import BCSCore  # typing only
+    from .core import BCSCore  # typing only, avoids runtime circular import
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -17,7 +17,9 @@ _LOGGER = logging.getLogger(__name__)
 class StaticAssetsView(HomeAssistantView):
     url = "/api/bahmcloud_store_static/{path:.*}"
     name = "api:bahmcloud_store_static"
-    requires_auth = True  # keep as before (you said auth works)
+
+    # RESTORE previous behavior: require HA auth (this worked for you before)
+    requires_auth = True
 
     async def get(self, request: web.Request, path: str) -> web.Response:
         base = Path(__file__).resolve().parent / "panel"
@@ -39,7 +41,7 @@ class StaticAssetsView(HomeAssistantView):
         if not target.exists():
             return web.Response(status=404)
 
-        # Content types (NO charset here!)
+        # aiohttp: charset must NOT be included in content_type string
         content_type = "text/plain"
         charset = None
 
@@ -57,11 +59,7 @@ class StaticAssetsView(HomeAssistantView):
         elif target.suffix == ".png":
             content_type = "image/png"
 
-        resp = web.Response(body=target.read_bytes(), content_type=content_type, charset=charset)
-        # During development: avoid stale caching issues
-        resp.headers["Cache-Control"] = "no-store, no-cache, must-revalidate, max-age=0"
-        resp.headers["Pragma"] = "no-cache"
-        return resp
+        return web.Response(body=target.read_bytes(), content_type=content_type, charset=charset)
 
 
 class BCSApiView(HomeAssistantView):
@@ -73,12 +71,13 @@ class BCSApiView(HomeAssistantView):
         self.core = core
 
     async def get(self, request: web.Request) -> web.Response:
-        payload: dict[str, Any] = {
-            "ok": True,
-            "version": self.core.version,
-            "repos": self.core.list_repos_public(),
-        }
-        return web.json_response(payload)
+        return web.json_response(
+            {
+                "ok": True,
+                "version": self.core.version,
+                "repos": self.core.list_repos_public(),
+            }
+        )
 
     async def post(self, request: web.Request) -> web.Response:
         data = await request.json()
@@ -131,16 +130,20 @@ class BCSReadmeView(HomeAssistantView):
 
         html = None
 
+        # Best-effort: if HA provides a markdown renderer util, we use it.
         try:
             from homeassistant.util.markdown import async_render_markdown  # type: ignore
+
             html = await async_render_markdown(self.core.hass, md)
         except Exception as e:
             _LOGGER.debug("Markdown render failed: %s", e)
             html = None
 
+        # Best-effort sanitization if available
         if html:
             try:
                 from homeassistant.util.sanitize_html import async_sanitize_html  # type: ignore
+
                 html = await async_sanitize_html(self.core.hass, html)
             except Exception as e:
                 _LOGGER.debug("HTML sanitize not available/failed: %s", e)