Issue Station
Sign In
Tools hereToolbox

litellm - ✅(Solved) Fix [Bug]: useProxyConfig hook fetches /config/list for non-admin users — causes 400 errors on page load [1 pull requests, 1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
BerriAI/litellm#24309Fetched 2026-04-08 01:13:24
View on GitHub
Comments
1
Participants
2
Timeline
4
Reactions
0
Author
xykongxykong
Participants
github-actions[bot]github-actions[bot]xykongxykong
Timeline (top)
commented ×1cross-referenced ×1labeled ×1referenced ×1

The useProxyConfig React hook calls GET /config/list unconditionally on component mount, regardless of the user's role. Since /config/list is an admin-only endpoint that returns 400 Bad Request for non-admin users, this causes a 400 error to be logged on every page load for internal_user sessions.

Error Message

The useProxyConfig React hook calls GET /config/list unconditionally on component mount, regardless of the user's role. Since /config/list is an admin-only endpoint that returns 400 Bad Request for non-admin users, this causes a 400 error to be logged on every page load for internal_user sessions. POST /config/list → 400 {"error": "Not allowed access, your role=internal_user"}

Root Cause

In useProxyConfig.ts:

// Current implementation — calls /config/list for ALL users ❌
export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken),  // no role check
  });
};

The useProxyConfig hook is used in multiple components (ModelSettingsModal, SpendLogsSettingsModal) that are rendered on initial page load. For internal_user sessions, every page load triggers:

POST /config/list → 400 {"error": "Not allowed access, your role=internal_user"}

Fix Action

Fix

Add an admin role check to disable the query for non-admin users:

import { isProxyAdminRole } from "@/utils/roles";

export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken, userRole } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken) && isProxyAdminRole(userRole ?? ""),
  });
};

The isProxyAdminRole utility already exists in @/utils/roles. This is a 3-line change and I have a PR ready.

PR fix notes

PR #24313: fix(ui): disable /config/list fetch for non-admin users in useProxyConfig hook

Description (problem / solution / changelog)

Summary

Fixes useProxyConfig hook to skip the GET /config/list request for non-admin users, eliminating repeated 400 errors in proxy logs on every page load.

Fixes #24309

Root Cause

useProxyConfig calls GET /config/list unconditionally on component mount. Since /config/list is restricted to PROXY_ADMIN (returns 400 Bad Request for other roles), every page load for internal_user sessions triggers:

400 {"error": "Not allowed access, your role=internal_user"}

Components using useProxyConfig (ModelSettingsModal, SpendLogsSettingsModal) are rendered during initial page load, so this fires immediately and on every navigation.

Change

+ import { isProxyAdminRole } from "@/utils/roles";

  export const useProxyConfig = (configType: ConfigType) => {
-   const { accessToken } = useAuthorized();
+   const { accessToken, userRole } = useAuthorized();
    return useQuery<ProxyConfigResponse>({
      ...
-     enabled: Boolean(accessToken),
+     enabled: Boolean(accessToken) && isProxyAdminRole(userRole ?? ""),
    });
  };

The isProxyAdminRole utility already exists in @/utils/roles — no new dependencies.

Testing

  • internal_user sessions no longer produce 400 errors on page load
  • ✅ Admin users still fetch and display proxy config normally
  • ✅ Components that consume useProxyConfig handle the undefined data state (they already do via optional chaining)

Impact

  • Minimal: 3-line change to one hook
  • No breaking changes
  • Affected components: any consumer of useProxyConfig (ModelSettingsModal, SpendLogsSettingsModal, and future consumers)

Changed files

  • ui/litellm-dashboard/src/app/(dashboard)/hooks/proxyConfig/useProxyConfig.ts (modified, +3/-2)

Code Example

// Current implementation — calls /config/list for ALL users ❌
export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken),  // no role check
  });
};

---

POST /config/list → 400 {"error": "Not allowed access, your role=internal_user"}

---

import { isProxyAdminRole } from "@/utils/roles";

export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken, userRole } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken) && isProxyAdminRole(userRole ?? ""),
  });
};
RAW_BUFFERClick to expand / collapse

Description

The useProxyConfig React hook calls GET /config/list unconditionally on component mount, regardless of the user's role. Since /config/list is an admin-only endpoint that returns 400 Bad Request for non-admin users, this causes a 400 error to be logged on every page load for internal_user sessions.

Root Cause

In useProxyConfig.ts:

// Current implementation — calls /config/list for ALL users ❌
export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken),  // no role check
  });
};

The useProxyConfig hook is used in multiple components (ModelSettingsModal, SpendLogsSettingsModal) that are rendered on initial page load. For internal_user sessions, every page load triggers:

POST /config/list → 400 {"error": "Not allowed access, your role=internal_user"}

Impact

  • Noisy 400 errors in proxy logs for every non-admin user page load
  • React Query retries the failed request, amplifying the log noise
  • Affects any component that uses useProxyConfig

Fix

Add an admin role check to disable the query for non-admin users:

import { isProxyAdminRole } from "@/utils/roles";

export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken, userRole } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken) && isProxyAdminRole(userRole ?? ""),
  });
};

The isProxyAdminRole utility already exists in @/utils/roles. This is a 3-line change and I have a PR ready.

Environment

  • LiteLLM Dashboard (latest main)
  • Affected roles: internal_user, team, any non-admin role
  • Affected components: ModelSettingsModal, SpendLogsSettingsModal, and any other consumer of useProxyConfig

extent analysis

Fix Plan

To resolve the issue, we need to add a role check to the useProxyConfig hook. Here are the steps:

  • Import the isProxyAdminRole utility function from @/utils/roles.
  • Modify the useProxyConfig hook to accept the user's role.
  • Update the enabled condition to check for the admin role using isProxyAdminRole.

Code Changes

import { isProxyAdminRole } from "@/utils/roles";

export const useProxyConfig = (configType: ConfigType) => {
  const { accessToken, userRole } = useAuthorized();
  return useQuery<ProxyConfigResponse>({
    queryKey: proxyConfigKeys.list({ filters: { configType } }),
    queryFn: async () => await getProxyConfigCall(accessToken!, configType),
    enabled: Boolean(accessToken) && isProxyAdminRole(userRole ?? ""),
  });
};

Verification

To verify the fix, check the proxy logs for 400 errors after updating the useProxyConfig hook. The errors should be significantly reduced or eliminated for non-admin users. Additionally, test the components that use useProxyConfig to ensure they function as expected for both admin and non-admin users.

Extra Tips

  • Make sure to test the isProxyAdminRole utility function separately to ensure it correctly identifies admin roles.
  • Consider adding logging or monitoring to track the number of 400 errors and verify the fix's effectiveness.
  • Review other components that use useProxyConfig to ensure they handle the case where the query is disabled for non-admin users.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#serialization error#model compatibility#GPU setup#container setup#orchestration issue

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING