Basic Auth Proxy HTTP Request contains Authentication Header Twice

Issue description:

When I set up Navidrome (subsonic) with a Basic Auth proxy, the album art and artist images aren’t loading.

Within my proxy network, I get an error saying the Basic Auth header is attached twice to the request, which isn’t allowed. Therefore, the HTTP request is terminated prematurely.

The cover works in Navidrome, and the request getAlbumInfo2.view also returns working URLs.

[info] 29#29: *135 client sent duplicate header line: “Authorization: Basic c2ViYXN0aWFuOnNlYmFzdGlhbg==”, previous value: “Authorization: Basic c2ViYXN0aWFuOnNlYmFzdGlhbg==” while reading client request headers, client: 192.168.178.38, server: localhost, request: “GET /rest/getCoverArt.view?id=mf-edqlpXswFzkbtZ1RzP3oEI_68b68f7a&u=demo&t=3cfa2185f7affe1e4967cc659dffd394&s=CC8E2A7CE8DF5999714B6A8E8EC08AB8&v=1.13.0&c=Symfonium&f=json HTTP/1.1”

Logs:

Upload description: SebastianRzk

Additional information:

 
Nginx Log:

navidrom-api-auth-proxy-1 | 192.168.178.38 - sebastian [08/Sep/2025:11:28:00 +0000] “GET /share/img/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFyLTBtdzdmSFBQTGJxTTNkWGRqc0NtTmZfMCIsImlzcyI6Ik5EIn0.0YdEBW0BOAwZUX9NQ1bXMbfDXNNpxudzIHbcE839pJ0?size=1200&u=demo&t=3cfa2185f7affe1e4967cc659dffd394&s=CC8E2A7CE8DF5999714B6A8E8EC08AB8&v=1.13.0&c=Symfonium&f=json HTTP/1.1” 400 150 “-” “-” “-”
navidrom-api-auth-proxy-1 | 192.168.178.38 - sebastian [08/Sep/2025:11:28:00 +0000] “GET /share/img/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImFyLTBBRzlrNFJTUUxJNFlwZDFZOGRwV3JfMCIsImlzcyI6Ik5EIn0.hAH93yWp_XoV0jYS3jzreVSenP2udvTqn36SuR-y2Nw?size=1200&u=demo&t=3cfa2185f7affe1e4967cc659dffd394&s=CC8E2A7CE8DF5999714B6A8E8EC08AB8&v=1.13.0&c=Symfonium&f=json HTTP/1.1” 400 150 “-” “-” “-”
navidrom-api-auth-proxy-1 | 2025/09/08 11:28:00 [info] 28#28: *109 client sent duplicate header line: “Authorization: Basic c2ViYXN0aWFuOnNlYmFzdGlhbg==”, previous value: “Authorization: Basic c2ViYXN0aWFuOnNlYmFzdGlhbg==” while reading client request headers, client: 192.168.178.38, server: localhost, request: “GET /rest/getCoverArt.view?id=al-0rIEel8fVmyQstaNHJtrU7_68b6ac53&u=demo&t=3cfa2185f7affe1e4967cc659dffd394&s=CC8E2A7CE8DF5999714B6A8E8EC08AB8&v=1.13.0&c=Symfonium&f=json HTTP/1.1”

 

Reproduction steps:

 

 

Media provider:

Subsonic

Screenshots:


This is something on your network chain. Symfonium engine cannot send duplicated headers even if I wanted to.

Hey,

I understand that this all sounds strange.

I’ve now booted a man-in-the-middle proxy (mitmproxy/mitmproxy 12.1.2) in my local network, and it actually records traffic in the path /rest/getCoverArt.view with two Authorization headers (both with the same username/password). The paths /search3.view/ or /ping/ only have one header.

Technically speaking, it’s a feature that header keys are not unique. But the Authorization header should only exist once.
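
An added example, not part of the original thread and not code from Symfonium, Navidrome or nginx: a triage script for the nginx "client sent duplicate header line" entries quoted in the report. It groups them by header and request path and redacts the Basic credential, which is only base64-encoded. The sample lines, IP address and credentials are constructed, and parse_duplicates, redact and by_path are hypothetical names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in nginx error-log format (all values made up).
# The second line uses typographic quotes, as forum software often renders them.
SAMPLE_LOG = '''\
2025/01/01 10:00:00 [info] 28#28: *109 client sent duplicate header line: "Authorization: Basic dXNlcjpwYXNz", previous value: "Authorization: Basic dXNlcjpwYXNz" while reading client request headers, client: 192.0.2.10, server: localhost, request: "GET /rest/getCoverArt.view?id=al-1&u=demo&f=json HTTP/1.1"
2025/01/01 10:00:01 [info] 29#29: *135 client sent duplicate header line: “Authorization: Basic dXNlcjpwYXNz”, previous value: “Authorization: Basic b3RoZXI6cHc=” while reading client request headers, client: 192.0.2.10, server: localhost, request: “GET /rest/getCoverArt.view?id=mf-2&u=demo&f=json HTTP/1.1”
2025/01/01 10:00:02 [error] 29#29: *136 open() "/usr/share/nginx/html/x" failed (2: No such file or directory), client: 192.0.2.10, server: localhost, request: "GET /x HTTP/1.1"
'''

DUP_RE = re.compile(
    r'client sent duplicate header line: "(?P<name>[^:"]+): (?P<new>[^"]*)", '
    r'previous value: "[^:"]+: (?P<old>[^"]*)".*?'
    r'client: (?P<client>[^,]+),.*?request: "(?P<method>\S+) (?P<target>\S+)'
)

def redact(value):
    """Keep the auth scheme, drop the credential (Basic is only base64)."""
    scheme, _, cred = value.partition(" ")
    return f"{scheme} <redacted>" if cred else "<redacted>"

def parse_duplicates(log_text):
    """Return one dict per 'duplicate header line' entry in the log text."""
    # Normalise typographic quotes back to the ASCII quotes nginx writes.
    text = log_text.replace("\u201c", '"').replace("\u201d", '"')
    events = []
    for line in text.splitlines():
        m = DUP_RE.search(line)
        if not m:
            continue
        events.append({
            "header": m["name"],
            "path": urlsplit(m["target"]).path,  # drop query-string tokens
            "client": m["client"],
            "same_value": m["new"] == m["old"],  # identical copy or conflicting value
            "value": redact(m["new"]),
        })
    return events

def by_path(events):
    """Count duplicate-header events per (header, path) to see which endpoints are affected."""
    return Counter((e["header"].lower(), e["path"]) for e in events)
```

The same_value field separates a header that was attached twice with the same credential from two conflicting credentials, which point to different sources in the request chain.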

Symfonium seems to request the share link, which maybe redirects to getCoverart, and your proxy has issues?

I can assure you this is not done by Symfonium

Hello, following as I am having this exact same issue. I am trying the same thing you are, and album art doesn’t show up with basic_authorization set (Navidrome), but does with X-Sym-Key set as a custom header and not basic auth.

But ironically, when passing a custom header (X-Sym-Key) only, it fails to play the music because it doesn’t attach those headers to the stream, but can retrieve the art, because it doesn’t collide with the authorization header.

If you attach both the custom header and the basic authorization, the music plays, but no album art.

OP Did you ever fix this? I’ve spent a few hours tweaking my configs and found it to not be a reverse proxy issue.

Open your own proper issue.
The custom headers are sent for stream obviously and the app still can’t send duplicated headers.

@voc0der Yes, I can confirm that.

When I had the problem with the basic auth proxy, I thought, “Just enter it as a custom header instead of the proxy config.” But then I suddenly had problems with the stream.

I’d rather use the stream, but no cover art.

Funny side note: If you set the proxy configuration and the custom header, the auth header appears three times on the album cover request.

I tested it against the standard Navidrome setup from the Navidrome website. Very interesting.

Of course, I can’t rule out the possibility that it’s somehow related to my setup; I’m working on debugging it now and then.

Again not aware of any issues with the headers.

So far, 100% of the time it was a proxy error; see "Symfonium doesn't always send custom headers i set up for server", for example.

@LostB053 so you have details for them?

While I didn’t report this, I noticed symfonium was sending headers twice (nginx logs).

Then I deleted the provider, and added a new provider altogether. That I think reset the whatever glitch I had.

As for why I didn’t report it, cuz I couldn’t reproduce it.

That’s not the question :wink:

The question is about "Symfonium doesn't always send custom headers i set up for server - #9 by LostB053": you said the headers were sent and it was a proxy configuration error.

Ahh yes

That was the case as well.

It was both to be honest, but I was already much of a jerk with logs, didn’t feel like wasting your time further lmao (idk hopefully I won’t repeat but might)

What case what error ?

No error

just the quirk. Symfonium sent headers twice.

I couldn’t reproduce it

About the header supposedly not sent in some cases ?

I had a proxy issue as well, that I noticed with nzb360

But fixing it alone didn’t fix the issue (again I didn’t report this earlier)

OHHHH no

Headers were sent. Symfonium sent the headers

Yes I know :wink: But what did you do to fix it ? That’s the question since the start for the 2 guys here that have the same issue …

As I said

It’s either a proxy quirk

OR

remove provider altogether and add a new