A request is not passing Basic Auth and being blocked

Issue description:

I am using a self-hosted Navidrome instance and I access it using CloudFlare Tunnels which acts as a reverse proxy. To avoid that anyone can even connect to my instance, I’m blocking on CloudFlare any request which has not the correct Basic Auth header.

I noticed that there is this specific request( screenshot below) which is being blocked because it doesn’t pass the Basic Auth Header. The app works fine with no issues, I’m not sure which feature it may be blocking, but I couldn’t notice one.

Logs:

Upload description: d643176b-8cbc-4c21-869c-ac19ffa85de1

Additional information:

 
From the logs, it seems that the blocked request cause an exception to be thrown:

Error/TranscoderManager: FFProbe: No media information extracted (https://REDACTED:REDACTED@HOST_REDACTED:443/rest/stream.view?id=022c9882dd8bba1042d8d2e9220be3d4&u=REDACTED&t=REDACTED&s=REDACTED&v=1.13.0&c=Symfonium&f=json&format=raw) - {
https://REDACTED:REDACTED@HOST_REDACTED:443/rest/stream.view?id=022c9882dd8bba1042d8d2e9220be3d4&u=REDACTED&t=REDACTED&s=REDACTED&v=1.13.0&c=Symfonium&f=json&format=raw: Server returned 403 Forbidden (access denied)

}

Error/TranscoderManager: FFProbe: Failure
java.io.IOException: empty/http-403
	at l8.r.e(Unknown Source:460)
	at l8.m.t(Unknown Source:12)
	at eu.a.p(Unknown Source:5)
	at bv.i0.run(Unknown Source:109)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
	at java.lang.Thread.run(Thread.java:1012)

 

Reproduction steps:

 

 

Media provider:

Subsonic

Screenshots:

 

    

Well it is correct basic auth this is as valid as the header.

Next release will support custom headers that will always be headers so you will be able to control this better.

1 Like

Custom headers for every request would be awesome to have. In this way it will be possible to use Service Accounts with Client-Id and Secret-Id headers.