qbittorrent app won't open web UI
I've been adding apps all morning in setting up my new install. After adding the tile for qBittorrent, then testing it, I receive an result. I can open the web UI from my browser bookmark just fine. The widget I added shows the torrents just fine. I've tried with and without adding the user/pw combo. I expected it to open the login page as if I had clicked the bookmark and was not logged in.
Solution:Jump to solution
That would be CSRF, a cross site protection service enabled by default. It may be blocking linking from websites. Hence why a normal bookmark in browsers work
25 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Copy paste the link in your bookmark onto the line "external link". That should be it
Here?
Homarr isn't doing anything to your link, this is purely reliant on your browser. Or at least it should
Yes, the external address should be the link you use to access the page from your browser
Right, but something is different between Homarr and my bookmark. Homarr tile doesn't work, widget does
Have you tried on a different browser?
Yes, same result in chrome as firefox (main)
When clicking the link, is the link in the top bar the right one?
Yes
@explosive parrot you use qbittorrent from what I remember, any idea what's happening?
I'm guessing forwarded headers are messing with things maybe
Here, on the right tab it shows unauthorized, but the left tab is running. I have tried logging out of the qbit UI and then opening via the Homarr tile and same result
Is your link opening in a new tab or same tab?
new tab
That should be a clean slate...
That's what I thought
I'm running under the assumption that if it works for everyone else, I must be doing something wrong with my setup.
Qbit has proved to be tight around security, we may have done 1 thing incorrectly that people have just found a way around.
Unfortunately you can't check what forwarded headers are going through. Although there shouldn't be any.
There might be 1 options in qbit settings that could set you on the correct path again
I first put in the tile, then tried opening it. Unauthorized. Then the widget. Widget was empty. Went back and put in my login info. Widget populates. Tried opening the tile again and still Unauthorized. Removed and replaced the tile with the login info directly.
Yeah like I said, we might be forwarding something in the back that qbit isn't liking and the way around it for now is possibly to disable one option that is very commonly disabled in qbit's settings
Ok, what is that?
Solution
That would be CSRF, a cross site protection service enabled by default. It may be blocking linking from websites. Hence why a normal bookmark in browsers work
That works
https://discord.com/channels/972958686051962910/972958689155764326/1212698001504473110
As explained here by @explosive parrot
So, I'm not familiar with this setting. What would be the risk of disabling it?
Not familiar with it either, but my guess is that it's to prevent your qbit isntance to be linked on a website and it actually working.
In the case of homarr, that's bad since that's what we want, but there are websites out there linking all the pages in the world from their IP. So if your qbit's UI is exposed outside of your network and someone clicks that link, they would have access to your page. (But they'll still be prompted with the login page. However secure that is)
My advice would be to not expose anything on the internet until you've learned more about reverse proxying and security options for it. I would also recommend cloudflare since they add a protection layer for accessing your services.
ok, thank you for the help. Much appreciated