Appcheck missing token verification in custom backend non callable function

A custom backend (e.g., Cloud Run, self-hosted API) or a non-callable Cloud Function (e.g., HTTP-triggered) that should be protected by AppCheck does not implement logic to verify incoming AppCheck tokens.