[GH-ISSUE #1158] Non-Admin users cannot use Web Extension - 403 forbidden healthcheck #478

New issue

Open

opened 2026-02-25 23:34:19 +03:00 by kerem · 1 comment

kerem commented

2026-02-25 23:34:19 +03:00

Owner

Originally created by @skomae on GitHub (Oct 15, 2025).
Original GitHub issue: https://github.com/go-shiori/shiori/issues/1158

Data

Shiori version: 1.8.0
Database Engine: SQLite
Operating system: Linux
CLI/Web interface/Web Extension: Shiori by fmartingr

Describe the bug / actual behavior

With a non-admin user:

Login from Manage Extension (Firefox) works fine, however clicking the extension to bookmark a page results in Cannot reach Shiori server: Server health check failed: 403 Forbidden

Same extension and service setup works correctly with an admin user.

Expected behavior

Non-admin user should be able to trigger extension to bookmark page.

To Reproduce

Steps to reproduce the behavior:

Create a non-admin user
In Firefox, right-click Shiori extension and select Manage
Login as non-admin user
Verify that login was successful
Navigate elsewhere and click Shiori extension to open bookmark
Observe error "Server health check failed: 403 Forbidden"

Screenshots

If applicable, add screenshots to help explain your problem.

Notes

Add any other context about the problem here.

Originally created by @skomae on GitHub (Oct 15, 2025). Original GitHub issue: https://github.com/go-shiori/shiori/issues/1158 ## Data - **Shiori version**: 1.8.0 - **Database Engine**: SQLite - **Operating system**: Linux - **CLI/Web interface/Web Extension**: Shiori by [fmartingr](https://addons.mozilla.org/en-US/firefox/user/17283477/) ## Describe the bug / actual behavior With a non-admin user: Login from Manage Extension (Firefox) works fine, however clicking the extension to bookmark a page results in `Cannot reach Shiori server: Server health check failed: 403 Forbidden` Same extension and service setup works correctly with an admin user. ## Expected behavior Non-admin user should be able to trigger extension to bookmark page. ## To Reproduce Steps to reproduce the behavior: 1. Create a non-admin user 2. In Firefox, right-click Shiori extension and select Manage 3. Login as non-admin user 4. Verify that login was successful 5. Navigate elsewhere and click Shiori extension to open bookmark 6. Observe error "Server health check failed: 403 Forbidden" ## Screenshots If applicable, add screenshots to help explain your problem. ## Notes Add any other context about the problem here.

kerem added the

type:bug

component:backend

labels

2026-02-25 23:34:19 +03:00

kerem commented

2026-02-25 23:34:19 +03:00

Author

Owner

@fmartingr commented on GitHub (Oct 17, 2025):

Can confirm this is the issue.

Proposed solution to be implemented is to leave the /api/v1/system/info endpoint available to admins only, and create a new /api/v1/system/ping that just returns a 200 status code if Shiori is running.

@fmartingr commented on GitHub (Oct 17, 2025): Can confirm this is the issue. Proposed solution to be implemented is to leave the `/api/v1/system/info` endpoint available to admins only, and create a new `/api/v1/system/ping` that just returns a 200 status code if Shiori is running.