You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The frontend global error handler in `main.tsx` is treating both 401 and 403 HTTP status codes as authentication failures, redirecting users to the login page and clearing their access token.
When a 403 is forbidden not 401 Unauthorized. 403's are used in a few places like a superuser can not delete itself fair but that shouldn't bring you back to the login. I feel that this is too general of an exception to catch.
Would have to go through and change update a few more places that return 403 like when a non super user tries to access the admin page /admin it should either give them a 401 (and probably still shouldn't send them back to login) or just display an actual error message. Would need to look a little more into this for now in my current work I'm just disabling the login redirects on 403's.
Love to hear others thoughts.
Operating System
Linux
Operating System Details
linux dev container "image": "mcr.microsoft.com/devcontainers/python:1-3.12-bullseye"
Python Version
3.12
Additional Context
Happy to make this an issue and work on it as I currently already am. Thanks you FastAPI team y'all rock.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
First Check
Commit to Help
Example Code
Description
The frontend global error handler in `main.tsx` is treating both 401 and 403 HTTP status codes as authentication failures, redirecting users to the login page and clearing their access token.
full-stack-fastapi-template/frontend/src/main.tsx
Line 22 in e4022a9
When a 403 is forbidden not 401 Unauthorized. 403's are used in a few places like a superuser can not delete itself fair but that shouldn't bring you back to the login. I feel that this is too general of an exception to catch.
Would have to go through and change update a few more places that return 403 like when a non super user tries to access the admin page /admin it should either give them a 401 (and probably still shouldn't send them back to login) or just display an actual error message. Would need to look a little more into this for now in my current work I'm just disabling the login redirects on 403's.
Love to hear others thoughts.
Operating System
Linux
Operating System Details
linux dev container
"image": "mcr.microsoft.com/devcontainers/python:1-3.12-bullseye"Python Version
3.12
Additional Context
Happy to make this an issue and work on it as I currently already am. Thanks you FastAPI team y'all rock.
Beta Was this translation helpful? Give feedback.
All reactions