Closed Tmarinus closed 4 years ago
Hi! Thanks for reporting this issue, however as it currently stands the only solution so far is to disable "CSRF" within Webbui settings.
Thank you very much. Turned it off, and of course it works now. Did I miss this anywhere in the documentation?
No problem!
Well, the thing is that Torrent Clipper is a fork of Torrent Control which is using a hack (from my understanding) where it manages to tell the browser that the extension's Origin
header is the same as the Host
header i.e. that it's the browser sending the request, not the extension (since CSRF essentially does not allow either the Host
or Origin
to be different from each other).
So maybe qBittorent does have documentation about it (I didn't manage to find any).
So a final update, I manage to fix the issue, you can safely enable CSRF again.
So a final update, I manage to fix the issue, you can safely enable CSRF again.
Wow so fast. Thank you very much. Tested and works perfectly.
I am trying to get torrent clipper to work for qbittorrent-nox, running from a raspberry pi. The webUI interface works perfectly. However clipper gives me errors, the post for the login always returns
Request URL: http://***/api/v2/auth/login Request Method: POST Status Code: 401 Unauthorized Remote Address: *** Referrer Policy: no-referrer-when-downgrade
When I execute the post call using curlcurl -X POST -F "username=**" -F "password=**" http://**/api/v2/auth/login
the response isOk.
Server log results in:
WebUI: Origin header & Target origin mismatch! Source IP: '::ffff:192**'. Origin header: 'chrome-extension://ibkeckbgcfhghnealffdbkmlgdlkojfd'. Target origin: '192**'
Tried running web UI on 8080, or 8112 did not change anything.