Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] WebUI API broken #6977

bLightZP opened this Issue Jun 18, 2017 · 4 comments


None yet
5 participants
Copy link

bLightZP commented Jun 18, 2017

Please provide the following information

qBittorrent version and Operating System:

qBittorrent 3.3.13
Win7 64bit

What is the problem:

WebUI query "http://localhost:8080/query/torrents" returns nothing, no error no content, nothing.

What is the expected behavior:

Return a list of torrents in JSON format.

Steps to reproduce:

  1. Enable WebUI.
  2. Enable "bypass authentication for localhost".
  3. Open "http://localhost:8080/query/torrents" in a web browser

Extra info:

  1. Downgrading to v3.3.12 and the issue disappears, so it was definitely introduced in .13
  2. Opening "http://localhost:8080" works fine, shows the Web UI and lists the torrents within the UI.

This comment has been minimized.

Copy link

Kriskras99 commented Jun 18, 2017

In the latest version there was a bugfix related to Cross-Site Request Forgery:

WEBUI: Implement Cross-Site Request Forgery defense. Due to this the HTTP referer header is now expected in (almost) all HTTP requests. qBittorrent will drop the request sent without the referer header. That's why we bump the API_VERSION_MIN too. (reported by OpenGG, fixed by Chocobo1)

This has the side effect that if you don't supply the 'referer' header with every request, you can't do anything even if you have an authorisation cookie.

To fix this specify the header 'referer' to be 'http://localhost:8080' then it should work again.
curl -i --header "Referer: http://localhost:8080" http://localhost:8080/version/api


This comment has been minimized.

Copy link

bLightZP commented Jun 19, 2017

Thank you, that resolved the issue.


This comment has been minimized.

Copy link

jamjop commented Jun 22, 2017

this is really annoying cuz I have to wait for Radarr and sick rage to update their api calls


This comment has been minimized.

Copy link

jamesmacwhite commented Jun 25, 2017

@noahruss Or downgrade back to 3.3.12?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.