[Bug]: Client not sending SID cookie to backend with distinct hostnames #1666

Open
3 tasks done
matthewdias opened this issue Apr 25, 2024 · 6 comments
Labels
backend Bug Something isn't working Feature New Feature help wanted Extra attention is needed security

Comments

@matthewdias

Bug description

Hi, I just set up the backend and configured it in the frontend; however, all requests are being responded to with "Unauthorized" because the cookie is not being sent.


Expectations

Settings changes are saved on backend.

Relevant debug information

No response

Steps to reproduce

  1. Set the backend URL in VueTorrent
  2. Change one of the VueTorrent settings

How did you install VueTorrent?

Downloaded from GitHub releases

Environment description

Device type and name: Laptop - MacBook Pro
OS: macOS Sonoma

PWA: No
Running inside a container: No

qBittorrent version

4.6.2

VueTorrent version

2.8.0

Agreements

  • The bug still occurs on the nightly build
  • The bug still occurs on the latest version of qBittorrent
  • A similar issue doesn't already exist
@matthewdias matthewdias added Bug Something isn't working triage Issue hasn't been assessed yet labels Apr 25, 2024
@Larsluph
Collaborator

Are you using two different hostnames for accessing the webui and the backend?

In that case that might cause some trouble with third-party cookies being disabled by default.

@matthewdias
Author

Yes, I am.

@Larsluph Larsluph added backend and removed triage Issue hasn't been assessed yet labels May 5, 2024
@Larsluph
Collaborator

Larsluph commented May 5, 2024

After some digging, the SID cookie set by qBittorrent is created with the HttpOnly attribute, which disallows access to it from a JS environment (e.g. VueTorrent).

Given those restrictions the backend can't be used on distinct hostnames. We need to find a workaround to that.

@Larsluph Larsluph added the help wanted Extra attention is needed label May 5, 2024
@Larsluph Larsluph changed the title [Bug]: Client not sending SID cookie to backend [Bug]: Client not sending SID cookie to backend with distinct hostnames May 5, 2024
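
The cookie behaviour discussed above, as an added example that is not part of the thread or of the VueTorrent or qBittorrent code: a simplified model of the RFC 6265 storage and matching rules showing why a host-only, HttpOnly cookie is neither sent to a second hostname nor readable by page script. The hostnames, the SID value and the `Domain` variant are constructed assumptions, and the model ignores Path, Secure, SameSite, the public-suffix list and third-party cookie blocking.

```javascript
// Added example: simplified RFC 6265 cookie-jar decisions (no Path, Secure,
// SameSite, public-suffix or third-party-blocking checks).

// Parse a Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// What happens to a cookie set by setterHost when the page calls requestHost?
function evaluate(setCookieHeader, setterHost, requestHost) {
  const c = parseSetCookie(setCookieHeader);
  const domainAttr = typeof c.attrs.domain === 'string' ? c.attrs.domain : null;
  // A Domain attribute that does not cover the setting host is rejected outright.
  if (domainAttr && !domainMatch(setterHost, domainAttr)) {
    return { stored: false, sentToRequestHost: false, readableFromJs: false };
  }
  // Without Domain the cookie is host-only and needs an exact host match.
  const sent = domainAttr
    ? domainMatch(requestHost, domainAttr)
    : requestHost.toLowerCase() === setterHost.toLowerCase();
  // HttpOnly hides the cookie from document.cookie, so page script cannot forward it.
  return { stored: true, sentToRequestHost: sent, readableFromJs: !c.attrs.httponly };
}

// Constructed sample values (hypothetical hosts, made-up SID).
const SID_COOKIE = 'SID=constructed-session-id; HttpOnly; path=/';
const QBIT_HOST = 'qbit.example.test';
const BACKEND_HOST = 'backend.example.test';

console.log('distinct host:', evaluate(SID_COOKIE, QBIT_HOST, BACKEND_HOST));
console.log('same host:    ', evaluate(SID_COOKIE, QBIT_HOST, QBIT_HOST));
console.log('parent Domain:', evaluate(SID_COOKIE + '; Domain=example.test', QBIT_HOST, BACKEND_HOST));
```
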
@Larsluph
Collaborator

Larsluph commented May 8, 2024

Backend has been updated to allow for bypass.

More info in the wiki

@matthewdias
Author

This is resolved from my perspective. Thanks for the fix!

@Larsluph
Collaborator

Larsluph commented May 9, 2024

I'll keep it open as the solution is only a workaround and might cause issues in the future.

@Larsluph Larsluph reopened this May 9, 2024
@Larsluph Larsluph added Feature New Feature security labels May 9, 2024