sct / overseerr

Request management and media discovery tool for the Plex ecosystem
https://overseerr.dev
MIT License

Overseerr generates HTTP 403 errors when browsing #3888

Open ToXinE opened 5 months ago

ToXinE commented 5 months ago

Description

Same as #3413, which went stale, but the bug's still there. Generating 403s by design is not a good practice if you can know that the user is not allowed to access the resource. As a logical behavior, WAFs like CrowdSec or fail2ban track those errors and ban users generating too many 40x HTTP errors.

Overseerr generates a lot of 403 simply by browsing pages.

Version

1.9.2

Steps to Reproduce

  1. Log in to Overseerr as a non-admin user.
  2. Browse some pages; search some shows by typing letters one by one in the search box.
  3. Navigate back to home.
  4. Browse some more.
  5. So many 403 errors were generated that the application firewall banned the IP.

Screenshots

No response

Logs

No response

Platform

desktop

Device

not relevant

Operating System

not relevant

Browser

firefox and chrome and edge and safari

Additional Context

No response

Code of Conduct

Hermitter commented 4 months ago

Adding to this, 401 errors are also generated on successful logins https://github.com/sct/overseerr/issues/3535

The only solution for me, which isn't ideal, has been to have fail2ban rules for overseerr.log and disable the reverse proxy logs for the Overseerr endpoint.
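
The self-ban described in the issue (a logged-in user racking up 403s while browsing, then getting banned by fail2ban or CrowdSec) and the workaround above come down to what the WAF counts. The script below is an added example, not code from this issue or from the Overseerr project: it replays a few constructed reverse-proxy access-log lines through a fail2ban-style sliding-window counter (maxretry within findtime) and compares a naive "any 4xx" filter with one scoped to 401s on the login endpoints. The IPs, timestamps and `/api/v1/...` paths are made up for illustration and are not a statement of Overseerr's real routes or log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed nginx "combined"-style access-log lines. 203.0.113.7 is a legitimate
# non-admin user who logs in and browses (each page view trips a permission check
# that the app answers with 403); 198.51.100.9 hammers the login endpoint and is the
# traffic a ban rule is actually meant to catch. Paths are placeholders, not real routes.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2024:16:05:01 +0000] "POST /api/v1/auth/plex HTTP/1.1" 401 45 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:02 +0000] "POST /api/v1/auth/plex HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:10 +0000] "GET /api/v1/discover/trending HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:11 +0000] "GET /api/v1/settings/main HTTP/1.1" 403 61 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:12 +0000] "GET /api/v1/user?take=20 HTTP/1.1" 403 61 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:20 +0000] "GET /api/v1/request/count HTTP/1.1" 403 61 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:21 +0000] "GET /api/v1/settings/jobs HTTP/1.1" 403 61 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:22 +0000] "GET /api/v1/settings/about HTTP/1.1" 403 61 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jul/2024:16:05:30 +0000] "GET /api/v1/issue/count HTTP/1.1" 403 61 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Jul/2024:16:06:00 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:16:06:01 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:16:06:02 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:16:06:03 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:16:06:04 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:16:06:05 +0000] "POST /api/v1/auth/local HTTP/1.1" 401 45 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse(line):
    """Parse one combined-format access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def any_4xx(ev):
    """Naive filter: every client error counts as a 'failure' (this is what bans browsing users)."""
    return 400 <= ev["status"] < 500


def failed_auth_only(ev):
    """Scoped filter: only 401s on the (assumed) login endpoints count, i.e. actual failed logins."""
    return ev["status"] == 401 and ev["path"].startswith("/api/v1/auth/")


def banned_ips(log_text, match, maxretry=5, findtime=timedelta(minutes=10)):
    """Fail2ban-style counter: ban an IP once it has >= maxretry matching hits within findtime."""
    hits = defaultdict(list)   # ip -> timestamps of matching hits still inside the window
    banned = set()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or ev["ip"] in banned or not match(ev):
            continue
        window = hits[ev["ip"]]
        window.append(ev["ts"])
        # Slide the window: forget hits older than findtime relative to the newest one.
        while window and ev["ts"] - window[0] > findtime:
            window.pop(0)
        if len(window) >= maxretry:
            banned.add(ev["ip"])
    return banned


if __name__ == "__main__":
    print("any 4xx counted     ->", sorted(banned_ips(SAMPLE_LOG, any_4xx)))
    print("auth 401s only      ->", sorted(banned_ips(SAMPLE_LOG, failed_auth_only)))
```

With the naive filter the legitimate user is banned alongside the credential-stuffing client, because seven of their nine requests were answered with 401/403 during normal use; with the filter scoped to failed logins only the abusive IP is banned. The single 401 that precedes the successful login (the behaviour noted in #3535) still registers, so `maxretry` has to stay above the number of logins a real user performs within `findtime`.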

rjwinks commented 4 months ago

Unsure if this is a similar issue: I'm getting 403 when trying to use a script that connects through the API; not sure where to go to get around this.

2024-07-09 16:06:16 overr-syncerr | Failed to post comment to Overseerr: {"status":403,"error":"You do not have permission to access this endpoint"}
2024-07-09 16:06:16 overr-syncerr | Marking issue as resolved with URL: http://X.X.X.X:XXXX/api/v1/issue/2/resolved
2024-07-09 16:06:16 overr-syncerr | Failed to mark issue as resolved in Overseerr: {"status":403,"error":"You do not have permission to access this endpoint"}