What went wrong?
Library Health Check is pinged regardless of whether the user is authenticated. This healthcheck is an authenticated endpoint, which rejects the request if it does not include credentials.
This even occurs on the /login route, which can cause an infinite crash loop on the frontend, as it's configured to re-route to /login when receiving 401 responses. The reason it's not crash looping to this day is that the /api/v1/libraries/health handler responds with "403 Forbidden" instead of "401 Unauthorized" for unauthenticated requests.
How can we reproduce this?
- Log out
- Access /login endpoint
What should have happened?
Should not ping if unauthenticated
Your setup
Grimmory v2.3.0
Before submitting
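The behaviour the report asks for, sketched as an added example that is not Grimmory's code: the health ping is gated on auth state, and the 401 redirect is suppressed when the client is already on /login. `createClient`, `isAuthenticated`, `currentRoute`, `navigate`, `simulate` and the `/api/v1/example` and `/books` paths are hypothetical; the simulated backend is constructed and answers 401 (not today's 403) to unauthenticated calls to exercise the loop condition.

```javascript
// Added example (not Grimmory code). createClient, isAuthenticated, currentRoute
// and navigate are hypothetical names; the two paths below come from the report.
const HEALTH_URL = '/api/v1/libraries/health';
const LOGIN_ROUTE = '/login';

function createClient({ fetchImpl, isAuthenticated, currentRoute, navigate }) {
  // Central 401 handling: send the user to /login, but never redirect while
  // already on /login, so a 401 received there cannot restart the redirect.
  async function request(url) {
    const res = await fetchImpl(url);
    if (res.status === 401 && currentRoute() !== LOGIN_ROUTE) navigate(LOGIN_ROUTE);
    return res;
  }

  // Gate the ping on auth state: without credentials, no request is sent.
  async function pingLibraryHealth() {
    if (!isAuthenticated()) return { skipped: true };
    const res = await request(HEALTH_URL);
    return { skipped: false, status: res.status };
  }

  return { request, pingLibraryHealth };
}

// Constructed simulation: a backend that returns 401 to every unauthenticated
// call, i.e. the status that would trigger the redirect described in the report.
async function simulate({ authenticated, route }) {
  const calls = [];
  const redirects = [];
  let current = route;
  const client = createClient({
    fetchImpl: async (url) => {
      calls.push(url);
      return { status: authenticated ? 200 : 401 };
    },
    isAuthenticated: () => authenticated,
    currentRoute: () => current,
    navigate: (to) => { redirects.push(to); current = to; },
  });
  const result = await client.pingLibraryHealth();
  await client.request('/api/v1/example'); // hypothetical other API call
  return { result, calls, redirects };
}

simulate({ authenticated: false, route: LOGIN_ROUTE }).then((r) => console.log(r));
```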