Skip to content

fix qbittorrent csrf header handling#808

Open
aerz wants to merge 1 commit into
linuxserver:masterfrom
aerz:fix/qbittorrent-5.2-401
Open

fix qbittorrent csrf header handling#808
aerz wants to merge 1 commit into
linuxserver:masterfrom
aerz:fix/qbittorrent-5.2-401

Conversation

@aerz

@aerz aerz commented Jun 30, 2026

Copy link
Copy Markdown

linuxserver.io


  • I have read the contributing guideline and understand that I have made the correct modifications

Description

Fix qBittorrent CSRF 401 behind reverse proxy on v5.2.0+.

Replaces Host $upstream_app:$upstream_port with Host $host and adds Origin "https://$host" so the CSRF check in v5.2.0+ passes. Removes Referer '' (old workaround, no longer needed).

Applied to qbittorrent.subfolder.conf.sample and qbittorrent.subdomain.conf.sample across all location blocks.

How Has This Been Tested?

Tested with SWAG (linuxserver/nginx) proxying linuxserver/qbittorrent v5.2.x. 401 resolved with these headers. Both subfolder and subdomain configs verified working.

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

CSRF Token error using Nginx Proxy Manager

2 participants