From deb55962b0a8723d7fcc1126c96d99f3d5a595bc Mon Sep 17 00:00:00 2001
From: Kriskras99 <Kriskras99@users.noreply.github.com>
Date: Sun, 18 Jun 2017 23:42:52 +0200
Subject: [PATCH] Because of Cross-Site Request Forgery defense API14 breaks
 everything if the referer header is not used (I.E. API calls).

---
 WebUI-API-Documentation.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/WebUI-API-Documentation.md b/WebUI-API-Documentation.md
index c6b7777..6cdfd9a 100644
--- a/WebUI-API-Documentation.md
+++ b/WebUI-API-Documentation.md
@@ -74,6 +74,9 @@
 * Changes between `API3` and `API4`:
   * `application/json` is the MIME type of the replies that had `text/javascript` as MIME type.
 
+* Changes in `API14`:
+  * The `Referer` header is now expected in all HTTP requests. qBittorrent will drop any request sent without the referer header.
+
 # Authorization #
 
 qBittorrent uses a cookie based authentication.