From 62df99e8553f0f367182694fec3537636e360010 Mon Sep 17 00:00:00 2001
From: Francisco Pombal <FranciscoPombal@users.noreply.github.com>
Date: Sat, 25 Jan 2020 01:02:47 +0000
Subject: [PATCH] update proxy configuration

---
 ...ertificates-and-NGINX-SSL-reverse-proxy.md | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy.md b/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy.md
index 1e94ab2..68ab32a 100644
--- a/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy.md
+++ b/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy.md
@@ -111,18 +111,22 @@ server {
     location /qbt/ {
         # you can use any other port other than 30000 as long as it is available on your system
         proxy_pass              http://127.0.0.1:30000/;
-        proxy_set_header        X-Forwarded-Host            $server_name:$server_port;
-        proxy_hide_header       Referer;
-        proxy_hide_header       Origin;
-        proxy_set_header        Referer                     '';
-        proxy_set_header        Origin                      '';
 
-        # if you use the "enable host header validation" setting with 127.0.0.1 in the "server domains" text box
-        # don't forget to change the port number to the one you are actually using.
-        # proxy_set_header      Host                        127.0.0.1:30000; 
+        proxy_http_version      1.1;
+        proxy_set_header        X-Forwarded-Host        $http_host;
 
-        # not needed since 4.1.0
-        # add_header            X-Frame-Options             "SAMEORIGIN";
+        # The following directives effectively nullify Cross-site request forgery (CSRF)
+        # protection mechanism in qBittorrent, only use them when you encountered connection problems.
+        # You should consider disable "Enable Cross-site request forgery (CSRF) protection"
+        # setting in qBittorrent instead of using these directives to tamper the headers.
+        # The setting is located under "Options -> WebUI tab" in qBittorrent since v4.1.2.
+        #proxy_hide_header       Referer;
+        #proxy_hide_header       Origin;
+        #proxy_set_header        Referer                 '';
+        #proxy_set_header        Origin                  '';
+
+        # Not needed since qBittorrent v4.1.0
+        #add_header              X-Frame-Options         "SAMEORIGIN";
 
         # in a future version of qBittorrent (probably 4.2.2),
         # it will be possible to set the "Secure" flag for the session cookie,