[Bug]: validate_certs=false causes 403 Forbidden — custom http_session missing Authorization header

[szollin]

Ansible NetBox Collection version

v3.16.0

Ansible version

ansible [core 2.16.3]
  config file = None
  configured module search path = ['/home/szollin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/szollin/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.12.3 (main, Mar  3 2026, 12:15:18) [GCC 13.3.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

NetBox version

v4.4.9

Python version

3.11

Steps to Reproduce

Create the simple playbook

---
- name: Reproduce validate_certs 403 bug
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Query a device (or any NetBox object)
      netbox.netbox.netbox_device:
        netbox_url: "https://your-netbox-instance.example.com"
        netbox_token: "api-token"
        validate_certs: false
        data:
          name: "test-device"
        state: present
      register: result

    - debug:
        var: result

Run ansible-playbook test_validate_certs.yml

Expected Behavior

The task should authenticate and succeed

Observed Behavior

The task fails with a 403 Forbidden because pynetbox's get_version() calls http_session.get() on the replaced session, which doesn't carry the Authorization header.

The fix is a single line addition, Setting session.headers["Authorization"] = f"Token {token}" immediately after nb.http_session = session causes this issue to disappear.