fix: disable automatic auth revalidation on auth pages#2213
Merged
gauthier-th merged 2 commits intodevelopfrom Dec 9, 2025
Merged
fix: disable automatic auth revalidation on auth pages#2213gauthier-th merged 2 commits intodevelopfrom
gauthier-th merged 2 commits intodevelopfrom
Conversation
Prevents unnecessary `/api/v1/auth/me` requests on login, setup, and password reset pages. fix #738
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses unnecessary API requests to /api/v1/auth/me on authentication pages by conditionally disabling SWR's automatic revalidation behaviors. The fix prevents 401/403 errors from spamming reverse proxy logs and triggering fail2ban rules when users visit login, setup, or password reset pages.
Key Changes:
- Added Next.js router integration to detect auth pages via pathname matching
- Conditionally disabled
revalidateOnFocus,revalidateOnMount, andrevalidateOnReconnectfor auth pages - Preserved manual revalidation functionality to maintain proper login flow
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…on in refreshInterval
0xSysR3ll
approved these changes
Dec 9, 2025
gauthier-th
deleted the
fallenbagel/fix/unnecessary-auth-requests-on-login
branch
7 tasks
gauthier-th
pushed a commit
that referenced
this pull request
Jan 11, 2026
0xSysR3ll
pushed a commit
to 0xSysR3ll/jellyseerr
that referenced
this pull request
Jan 20, 2026
…-team#2290) Directly fetch and populate SWR cache with user data instead of relying on revalidate() which is disabled on auth pages since seerr-team#2213 fix seerr-team#2288
7 tasks
lucianchauvin
pushed a commit
to lucianchauvin/jellyseerr
that referenced
this pull request
Apr 20, 2026
…-team#2290) Directly fetch and populate SWR cache with user data instead of relying on revalidate() which is disabled on auth pages since seerr-team#2213 fix seerr-team#2288
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Prevents unnecessary
/api/v1/auth/merequests on login, setup, and password reset pages. These requests used to return 401/403 errors since no user would be logged in, spamming reverse proxy logs and triggering fail2ban rules for users running seerr behind reverse proxy/fail2ban setups.This PR disables SWR's automatic revalidation (on mount, focus, and interval) when on auth pages, while keeping manual revalidation functional so login flow still works correctly.
How Has This Been Tested?
Screenshots / Logs (if applicable)
Checklist:
pnpm buildpnpm i18n:extract