GET /api/v1/auth/me before user login

[Berjou]

Description

After deploying Jellyseerr on my NAS using docker behind a traefik reverse proxy, I encountered a similar issue as discussed here https://github.com/Fallenbagel/jellyseerr/discussions/439 with Jellyseerr messing up my existing fail2ban rules protecting my traefik instance.

I setup my account to log with my Jellyfin credentials. When loading the login page, I can see some GET requests on /api/v1/auth/me , logically resulting in 401 http errors since no user is logged in yet.

It seems to me that there is something wrong here, that Jellyseerr should not request the API before the user fills the login form.

Tested from my laptop and my android phone, using firefox, but the client is probably not relevant here.

Version

1.8.1

Steps to Reproduce

1. Fresh docker install
2. Configure user login with Jellyfin credentials
3. Go and wait on Jellyseerr login page
4. Check browser / reverse proxy logs to see GET requests on /api/v1/auth/me before the user is logged in, spamming 401 errors.

Screenshots

No response

Logs

Extract of traefik access logs:

<ip-src-redacted> - - [30/Apr/2024:23:59:53 +0200] "GET /api/v1/auth/me HTTP/2.0" 401 123 "-" "-" 6072 "jellyseerr-https@docker" "<jellyseerr-container-address-redacted>" 60ms
<ip-src-redacted> - - [30/Apr/2024:23:59:53 +0200] "GET /api/v1/auth/me HTTP/2.0" 401 123 "-" "-" 6075 "jellyseerr-https@docker" "<jellyseerr-container-address-redacted>" 64ms

Platform

desktop

Device

Not device specific

Operating System

Not OS specific

Browser

Firefox, but probably not relevant

Additional Context

No response

Code of Conduct

• I agree to follow Jellyseerr's Code of Conduct