Describe the bug:
When making a MediaPage query (tvserie) to the API, a 403 Forbidden error is returned. This issue occurs both from the browser and from external clients like Postman. Additionally, the server is extremely slow to respond when this query is made, with response times up to 31 seconds. By contrast, other queries (such as DailyQuoteArtwork) return results instantly.
Environment:
- Frontend URL: https://www.espacogeek.com
- API URL: https://api.espacogeek.com/
- JAVA_VERSION: jdk-21.0.10+7
- CORS vars:
SPRING_MVC_CORS_ALLOWED_ORIGINS=https://espacogeek.com,https://www.espacogeek.com,http://espacogeek.com,http://www.espacogeek.com
- SAMESITE_WHEN_SAME_SITE=Lax
Request Example (fails):
{"operationName":"MediaPage","variables":{"id":null,"name":"stranger"},"query":"query MediaPage($id: ID, $name: String) {\n tvserie(id: $id, name: $name) {\n content {\n id\n name\n cover\n __typename\n }\n __typename\n }\n}"}
This query fails with 403 Forbidden and very slow response (~31 seconds) in browser and Postman.
Request Example (works):
{"operationName":"DailyQuoteArtwork","variables":{},"query":"query DailyQuoteArtwork {\n dailyQuoteArtwork {\n quote\n author\n urlArtwork\n __typename\n }\n}"}
This query works instantly in browser and Postman.
Expected behavior:
- MediaPage query should return the correct content or a proper error, but not 403 for browser-origin or external tool requests.
- API performance should not be degraded (request should not take 31+ seconds).
Steps to Reproduce:
- Send MediaPage query for tvserie via browser OR Postman.
- Observe 403 Forbidden error and slow response.
- Send DailyQuoteArtwork query to compare normal response behavior.
Additional notes:
- Response headers allow CORS from the correct origins; access is still forbidden and performance for MediaPage is very slow compared to other queries.
- This issue may be related to GraphQL backend configuration, authentication, permissions, or endpoint-specific rules causing both the error and latency.
Please investigate and resolve the 403 Forbidden + slow response for the MediaPage/tvserie query on all clients.
Describe the bug:
When making a MediaPage query (tvserie) to the API, a 403 Forbidden error is returned. This issue occurs both from the browser and from external clients like Postman. Additionally, the server is extremely slow to respond when this query is made, with response times up to 31 seconds. By contrast, other queries (such as DailyQuoteArtwork) return results instantly.
Environment:
SPRING_MVC_CORS_ALLOWED_ORIGINS=https://espacogeek.com,https://www.espacogeek.com,http://espacogeek.com,http://www.espacogeek.comRequest Example (fails):
This query fails with 403 Forbidden and very slow response (~31 seconds) in browser and Postman.
Request Example (works):
This query works instantly in browser and Postman.
Expected behavior:
Steps to Reproduce:
Additional notes:
Please investigate and resolve the 403 Forbidden + slow response for the MediaPage/tvserie query on all clients.