API Throttling without user interaction

[EDVLeer]

Please confirm you have done the following before posting your bug report:

• [x] I have enabled debug mode
• [x] I have read checked the Common Issues page

Describe the bug API counts up after clicking in any Select2 field without any interaction. After 120 requests the results disappear with the message "the results could not be loaded" (https://snipe-it.readme.io/reference#api-throttling).

To Reproduce Steps to reproduce the behavior:

1. Go to Create Asset
2. Click on Model
3. Wait a few seconds
4. See "the results could not be loaded"

Expected behavior Show results, search for anything.

Screenshots

Server (please complete the following information):

• Snipe-IT Version v4.9.3 - build 4395 (master)
• OS: Debian Buster
• Web Server: Apache
• PHP Version 7.3.14

Desktop (please complete the following information):

• OS: Windows 10 x64
• Browser Chrome
• Version latest

Error Messages

0 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php(52): Illuminate\Routing\Middleware\ThrottleRequests->buildException('26e7458dc56ab28...', 120)

1 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Routing\Middleware\ThrottleRequests->handle(Object(Illuminate\Http\Request), Object(Closure), 120, '1')

2 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

3 /var/www/snipe-it/vendor/barryvdh/laravel-cors/src/HandleCors.php(36): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

4 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Cors\HandleCors->handle(Object(Illuminate\Http\Request), Object(Closure))

5 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

6 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(43): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

7 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Auth\Middleware\Authenticate->handle(Object(Illuminate\Http\Request), Object(Closure), 'api')

8 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

9 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

10 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Router.php(660): Illuminate\Pipeline\Pipeline->then(Object(Closure))

11 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Router.php(635): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))

12 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Router.php(601): Illuminate\Routing\Router->runRoute(Object(Illuminate\Http\Request), Object(Illuminate\Routing\Route))

13 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Router.php(590): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))

14 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))

15 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http{closure}(Object(Illuminate\Http\Request))

16 /var/www/snipe-it/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(65): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

17 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Debugbar\Middleware\InjectDebugbar->handle(Object(Illuminate\Http\Request), Object(Closure))

18 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

19 /var/www/snipe-it/app/Http/Middleware/SecurityHeaders.php(26): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

20 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\SecurityHeaders->handle(Object(Illuminate\Http\Request), Object(Closure))

21 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

22 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

23 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))

24 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

25 /var/www/snipe-it/app/Http/Middleware/CheckForDebug.php(25): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

26 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\CheckForDebug->handle(Object(Illuminate\Http\Request), Object(Closure))

27 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

28 /var/www/snipe-it/app/Http/Middleware/CheckForSetup.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

29 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): App\Http\Middleware\CheckForSetup->handle(Object(Illuminate\Http\Request), Object(Closure))

30 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

31 /var/www/snipe-it/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

32 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Fideloper\Proxy\TrustProxies->handle(Object(Illuminate\Http\Request), Object(Closure))

33 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

34 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

35 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))

36 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

37 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

38 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))

39 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

40 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

41 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))

42 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

43 /var/www/snipe-it/vendor/barryvdh/laravel-cors/src/HandlePreflight.php(29): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

44 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(149): Barryvdh\Cors\HandlePreflight->handle(Object(Illuminate\Http\Request), Object(Closure))

45 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}(Object(Illuminate\Http\Request))

46 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing{closure}(Object(Illuminate\Http\Request))

47 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\Pipeline\Pipeline->then(Object(Closure))

48 /var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))

49 /var/www/snipe-it/public/index.php(58): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))

50 {main}

Additional context

• Is this a fresh install or an upgrade? fresh install
• What OS and web server you're running Snipe-IT on
• What method you used to install Snipe-IT (install.sh, manual installation, docker, etc) manual with Git
• Include what you've done so far in the installation, and if you got any error messages along the way. tryed different PHP versions
• Indicate whether or not you've manually edited any data directly in the database? no

Add any other context about the problem here.

Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.

[snipe]

Did you increase that number from 120 to something higher?

[snipe]

To those responding to this thread, can you give me an idea of how many assets/users you have? We have some users with schools of over 50k people and we haven't seen this issue before - however we also haven't made any changes to the API throttling, so not sure why this would just be coming up now.

Are any of you also performing API actions via automation, or do you have a very large number of admins checking things in and out? 120 really should be enough for most use-cases unless there is something scripted that's calling the API too often.

[EIijah]

To those responding to this thread, can you give me an idea of how many assets/users you have? We have some users with schools of over 50k people and we haven't seen this issue before - however we also haven't made any changes to the API throttling, so not sure why this would just be coming up now.

Are any of you also performing API actions via automation, or do you have a very large number of admins checking things in and out? 120 really should be enough for most use-cases unless there is something scripted that's calling the API too often.

I have this issue on a fresh install, so currently around 5 assets and 3 users this issue is happening.

I get this when debug mode is on - It wouldn't be an issue for the most part except it happens within 2-3 seconds sometimes and the whole page needs to be reloaded.

[coaxke]

Take a look at #8035 - we've done a little bit of triage there. The issue appears to be evident on the snipe-it demo too (at least it was for me).

[EDVLeer]

Did you increase that number from 120 to something higher?

No, the number is still 120.

To those responding to this thread, can you give me an idea of how many assets/users you have?

Imported a few assets via CSV / users via LDAP.

Are any of you also performing API actions via automation, or do you have a very large number of admins checking things in and out?

No, it's just a fresh install.

[snipe]

Closing as duplicate of #8035