diff --git a/server/controllers/LibraryItemController.js b/server/controllers/LibraryItemController.js
index 60090508..18d0b642 100644
--- a/server/controllers/LibraryItemController.js
+++ b/server/controllers/LibraryItemController.js
@@ -353,11 +353,13 @@ class LibraryItemController {
 return res.sendStatus(403)
 }
- if (req.method == 'DELETE' && !req.user.canDelete) {
+ if (req.path.includes('/play')) {
+ // allow POST requests using /play and /play/:episodeId
+ } else if (req.method == 'DELETE' && !req.user.canDelete) {
 Logger.warn(`[LibraryItemController] User attempted to delete without permission`, req.user)
 return res.sendStatus(403)
 } else if ((req.method == 'PATCH' || req.method == 'POST') && !req.user.canUpdate) {
- Logger.warn('[LibraryItemController] User attempted to update without permission', req.user)
+ Logger.warn('[LibraryItemController] User attempted to update without permission', req.user.username)
 return res.sendStatus(403)
 }
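Review bot: The new `req.path.includes('/play')` branch skips both the `canDelete` and the `canUpdate` check for every HTTP method and for any path that merely contains that substring, which is wider than the comment's "POST requests using /play and /play/:episodeId". Tying the exemption to the method and the exact route shape, for example `if (req.method == 'POST' && /\/play(\/[^/]+)?$/.test(req.path)) {`, keeps a DELETE or a later route whose path happens to contain `/play` from inheriting the bypass. The DELETE branch just below still passes the whole `req.user` object to `Logger.warn`, while this commit narrows the update branch to `req.user.username`; making the same change there would keep the rest of the user record out of the logs. The enclosing middleware starts and ends outside the hunk, so which routes it guards is not visible here.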