TorrentLeech seems to be checking for JavaScript capabilities #1091

New issue

Closed

opened 2026-02-20 10:07:14 -05:00 by deekerman · 1 comment

deekerman commented

2026-02-20 10:07:14 -05:00

Owner

Originally created by @rumplin on GitHub (Sep 30, 2024).

Is there an existing issue for this?

I have searched the existing open and closed issues

Current Behavior

Lately, prowlarr can't log in to TorrentLeech.

By investigating the logs, I found this telling me that they now probably check for JavaScript capabilities when you log in (I heavily redacted the code, there were many base64 encrypted values there):

HTTP Error - Res: HTTP/2.0 [GET] https://www.torrentleech.org/user/account/login/: 403.Forbidden (8527 bytes)
<!DOCTYPE html>
<html lang="en-US">

<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <style>
        /* redacted */
    </style>
    <meta http-equiv="refresh" content="390">
</head>

<body class="no-js">
    <div class="main-wrapper" role="main">
        <div class="main-content"><noscript>
                <div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div>
            </noscript></div>
    </div>
    <script>(function () { window._cf_chl_opt = { cvId: '3', cZone: "www.torrentleech.org", cType: 'managed', cNounce: '--redacted--', cRay: '--redacted--', 
    cHash: '--redacted--', cUPMDTk: "\/user\/account\/login\/?__cf_chl_tk=--redacted---1727681181-0.0.1.1-4202", cFPWv: 'g', cTTimeMs: '1000', cMTimeMs: '390000', cTplV: 5, cTplB: 'cf', cK: "", 
    fa: "\/user\/account\/login\/?__cf_chl_f_tk=--redacted---1727681181-0.0.1.1-4202", 
    md: "--redacted--", 
    mdrd: "--redacted--", 
    cRq: { ru: '--redacted--', ra: '--redacted--', d: '--redacted--', t: '--redacted--', cT: Math.floor(Date.now() / 1000), m: '--redacted--', 
    i1: '--redacted--', i2: '--redacted--', zh: '--redacted--', uh: '--redacted--', hh: '--redacted--', } }; 
    var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=--redacted--'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/user\/account\/login\/?__cf_chl_rt_tk=--redacted---1727681181-0.0.1.1-4202" + window._cf_chl_opt.cOgUHash); cpo.onload = function () { history.replaceState(null, null, ogU); } } document.getElementsByTagName('head')[0].appendChild(cpo); }());</script>
</body>

</html>

Expected Behavior

Steps To Reproduce

Add tracker
Let prowlarr try to use it.
check logs

Environment

Version    1.24.3.4754
Package Version    1.24.3.4754-ls88 by linuxserver.io
.NET    Yes (6.0.32)
Database    Sqlite 3.45.3
Database Migration    41
Docker Install: Yes
AppData Directory    /config
Startup Directory    /app/prowlarr/bin
Mode    Console

What branch are you running?

Master

Trace Logs?

Already gave enough info in the behavior section. The logs need to be heavily redacted, not to leak username or password.

Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided.

I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain trace - that are relevant and show this issue.

Originally created by @rumplin on GitHub (Sep 30, 2024). ### Is there an existing issue for this? - [X] I have searched the existing open and closed issues ### Current Behavior Lately, prowlarr can't log in to **TorrentLeech**. By investigating the logs, I found this telling me that they now probably check for JavaScript capabilities when you log in (I heavily redacted the code, there were many base64 encrypted values there): ``` HTTP Error - Res: HTTP/2.0 [GET] https://www.torrentleech.org/user/account/login/: 403.Forbidden (8527 bytes) <!DOCTYPE html> <html lang="en-US"> <head> <title>Just a moment...</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="robots" content="noindex,nofollow"> <meta name="viewport" content="width=device-width,initial-scale=1"> <style> /* redacted */ </style> <meta http-equiv="refresh" content="390"> </head> <body class="no-js"> <div class="main-wrapper" role="main"> <div class="main-content"><noscript> <div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div> </noscript></div> </div> <script>(function () { window._cf_chl_opt = { cvId: '3', cZone: "www.torrentleech.org", cType: 'managed', cNounce: '--redacted--', cRay: '--redacted--', cHash: '--redacted--', cUPMDTk: "\/user\/account\/login\/?__cf_chl_tk=--redacted---1727681181-0.0.1.1-4202", cFPWv: 'g', cTTimeMs: '1000', cMTimeMs: '390000', cTplV: 5, cTplB: 'cf', cK: "", fa: "\/user\/account\/login\/?__cf_chl_f_tk=--redacted---1727681181-0.0.1.1-4202", md: "--redacted--", mdrd: "--redacted--", cRq: { ru: '--redacted--', ra: '--redacted--', d: '--redacted--', t: '--redacted--', cT: Math.floor(Date.now() / 1000), m: '--redacted--', i1: '--redacted--', i2: '--redacted--', zh: '--redacted--', uh: '--redacted--', hh: '--redacted--', } }; var cpo = document.createElement('script'); cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=--redacted--'; window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash; window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search; if (window.history && window.history.replaceState) { var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash; history.replaceState(null, null, "\/user\/account\/login\/?__cf_chl_rt_tk=--redacted---1727681181-0.0.1.1-4202" + window._cf_chl_opt.cOgUHash); cpo.onload = function () { history.replaceState(null, null, ogU); } } document.getElementsByTagName('head')[0].appendChild(cpo); }());</script> </body> </html> ``` ### Expected Behavior Login works. ### Steps To Reproduce 1. Add tracker 2. Let prowlarr try to use it. 3. check logs ### Environment ```markdown Version 1.24.3.4754 Package Version 1.24.3.4754-ls88 by linuxserver.io .NET Yes (6.0.32) Database Sqlite 3.45.3 Database Migration 41 Docker Install: Yes AppData Directory /config Startup Directory /app/prowlarr/bin Mode Console ``` ### What branch are you running? Master ### Trace Logs? Already gave enough info in the behavior section. The logs need to be heavily redacted, not to leak username or password. ### Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided. - [X] I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain `trace` - that are relevant and show this issue.