azure latch
I’m running into a login issue with Overseerr. The app loads fine, but when I try to sign in with Plex, it just sits on the spinning wheel and never completes the authentication.
Has anyone run into this before or found a fix? Happy to share logs or config details if that helps. Running the Hotio container in an UnRAID setup.
I should also say that I'm exposing this via Cloudflare tunnel, with Traefik as my edge router. App is accessible, just unable to sign in.
glacial zealot
I remember this being a header issue
Could you share some config details please ?
azure latch
ah - I did recently implement additional headers. unable to access my config at the moment, but here's a return from securityheaders.com
sage osprey
It was a blip on Plex' end afaik, it has been resolved.
It works on my PC at least, could be related to the specific browser used though as my user that reported it was using his phone.
I can also login on mobile firefox but PWA still doesn't work, so guess there is still an issue with that.
glacial zealot
Just tried as PWA using Safari and it works
sage osprey
yeah, it works if I use it through firefox but not through the Samsung browser so it "depends"
using chrome to install PWA also works
guess it'll be some weird security thing in the specific browser
glacial zealot
No CSP involved ?
azure latch
something browser-related must be going on. it was working for me on Safari (iOS 26) but not for some of my users on other iOS versions. was also fine on Chrome/Firefox/Safari - but now not working for Safari (any version) and in all browsers.
@glacial zealot added *.plex.tv in my CSP but no change
misty solstice
Could it be related to the CloudFlare outage?
https://www.cloudflarestatus.com/
azure latch
@misty solstice no, it started a couple of weeks ago. I’m wondering if something changed with auth on the Plex side
or something with the auth token being passed to Plex by Overseerr. it’s an issue for my other users, as well.
misty solstice
Strange, I'm assuming they can auth to Plex without issue? I haven't seen any noticeable changes or any issues with my users.
Maybe it's something to do with the tunnel on the CloudFlare side? Something they are now doing or aren't doing anymore?
azure latch
found an older Reddit post from around the time Plex had the data breach and everyone was resetting passwords. someone in the thread mentions having an issue with Overseerr and using cli to wipe the token. I’m not seeing the specific command referenced - anyone have experience doing this?
“Tautuli had the button but I did have to wipe the token for overseer in the CLI. It picked up the new one on its own when I logged in again.“
sage osprey
if that was the cause it would never work in any browser, SSO != token used for the server API
azure latch
this ended up being a simple fix and a miss on my part. In my CSP, I'd missed adding https://plex.tv as a connect-src in addition to self.
thanks, all, for weighing in!
glacial zealot
this ended up being a simple fix and a miss on my part. In my CSP, I'd missed ad...
So just in connect-src ? Nowhere else ?
azure latch
@glacial zealot I also have https://plex.tv and https://assets.plex.tv in img-src