piperun / torrent-clipper

Torrent clipper is a fork of torrent control intended for chrome users
GNU Lesser General Public License v2.1

qBittorrent v4.1.5 Web UI, 401 Unauthorized #7

Closed Tmarinus closed 4 years ago

Tmarinus commented 4 years ago

I am trying to get torrent clipper to work for qbittorrent-nox, running from a Raspberry Pi. The webUI interface works perfectly. However, clipper gives me errors; the POST for the login always returns:

    Request URL: http://***/api/v2/auth/login
    Request Method: POST
    Status Code: 401 Unauthorized
    Remote Address: ***
    Referrer Policy: no-referrer-when-downgrade

When I execute the POST call using curl

    curl -X POST -F "username=**" -F "password=**" http://**/api/v2/auth/login

the response is Ok.

Server log results in: WebUI: Origin header & Target origin mismatch! Source IP: '::ffff:192**'. Origin header: 'chrome-extension://ibkeckbgcfhghnealffdbkmlgdlkojfd'. Target origin: '192**'

Tried running web UI on 8080, or 8112 did not change anything.

piperun commented 4 years ago

Hi! Thanks for reporting this issue. However, as it currently stands, the only solution so far is to disable "CSRF" within the Web UI settings.

Tmarinus commented 4 years ago

Thank you very much. Turned it off, and of course it works now. Did I miss this anywhere in the documentation?

piperun commented 4 years ago

No problem!

Well, the thing is that Torrent Clipper is a fork of Torrent Control which is using a hack (from my understanding) where it manages to tell the browser that the extension's Origin header is the same as the Host header, i.e. that it's the browser sending the request, not the extension (since CSRF essentially does not allow either the Host or Origin to be different from each other).

So maybe qBittorrent does have documentation about it (I didn't manage to find any).
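The server log and the explanation above describe an Origin-versus-target comparison. The following is an added example, not part of the thread and not qBittorrent's or Torrent Clipper's code: a simplified model of such a check showing why the Web UI and curl are accepted while the extension's request is rejected. The function names, the 192.0.2.10 address and the rule that a request with neither header is allowed are assumptions.

```javascript
// Added illustration: simplified model of an Origin-vs-target CSRF check.
// Not qBittorrent's source; names and sample values are constructed.

// Host[:port] of an Origin/Referer value, or null if it cannot be parsed.
function hostOf(value) {
  try {
    return new URL(value).host.toLowerCase();
  } catch {
    return null;
  }
}

// headers: lower-cased header names -> values, as the server receives them.
function checkCsrf(headers) {
  const target = (headers['host'] || '').toLowerCase();
  const present = [['Origin', headers['origin']], ['Referer', headers['referer']]]
    .filter(([, value]) => value !== undefined);

  // Non-browser clients such as curl send neither header, so there is
  // nothing to compare (assumption; consistent with the curl result reported).
  if (present.length === 0) {
    return { allowed: true, reason: 'no Origin/Referer header' };
  }
  for (const [name, value] of present) {
    if (hostOf(value) !== target) {
      const reason = `${name} header & Target origin mismatch! ` +
        `${name} header: '${value}'. Target origin: '${target}'`;
      return { allowed: false, reason };
    }
  }
  return { allowed: true, reason: 'origin matches target' };
}

// Constructed sample requests (192.0.2.10 is a documentation address).
const samples = {
  webUiInBrowser: { host: '192.0.2.10:8080', origin: 'http://192.0.2.10:8080' },
  curl: { host: '192.0.2.10:8080' },
  extension: {
    host: '192.0.2.10:8080',
    origin: 'chrome-extension://ibkeckbgcfhghnealffdbkmlgdlkojfd',
  },
};

for (const [name, headers] of Object.entries(samples)) {
  const r = checkCsrf(headers);
  console.log(`${name}: ${r.allowed ? 'allowed' : '401 Unauthorized'} (${r.reason})`);
}
```

Turning the check off makes all three cases pass, including a request whose Origin is any third-party web page, which is the case the setting exists to block.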

piperun commented 4 years ago

So a final update, I managed to fix the issue, you can safely enable CSRF again.

Tmarinus commented 4 years ago

> So a final update, I managed to fix the issue, you can safely enable CSRF again.

Wow so fast. Thank you very much. Tested and works perfectly.