diff --git a/src/app.ts b/src/app.ts
index 6f9bc0b97..a17ac9b46 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -15,6 +15,15 @@ import { webuiRouter } from "@/src/routes/webui";
 
 const app = express();
 
+app.use((req, _res, next) => {
+    // 38.5.0 introduced "ezip" for encrypted body blobs.
+    // The bootstrapper decrypts it for us but having an unsupported Content-Encoding here would still be an issue for Express, so removing it.
+    if (req.headers["content-encoding"] == "ezip") {
+        req.headers["content-encoding"] = undefined;
+    }
+    next();
+});
+
 app.use(bodyParser.raw());
 app.use(express.json({ limit: "4mb" }));
 app.use(bodyParser.text());
diff --git a/src/controllers/api/getFriendsController.ts b/src/controllers/api/getFriendsController.ts
index 292e107c9..1227f84d7 100644
--- a/src/controllers/api/getFriendsController.ts
+++ b/src/controllers/api/getFriendsController.ts
@@ -1,5 +1,6 @@
 import { Request, Response } from "express";
 
+// POST with {} instead of GET as of 38.5.0
 const getFriendsController = (_request: Request, response: Response): void => {
     response.writeHead(200, {
         //Connection: "keep-alive",
diff --git a/src/routes/api.ts b/src/routes/api.ts
index fdea25dcf..530297661 100644
--- a/src/routes/api.ts
+++ b/src/routes/api.ts
@@ -186,6 +186,7 @@ apiRouter.post("/focus.php", focusController);
 apiRouter.post("/fusionTreasures.php", fusionTreasuresController);
 apiRouter.post("/genericUpdate.php", genericUpdateController);
 apiRouter.post("/getAlliance.php", getAllianceController);
+apiRouter.post("/getFriends.php", getFriendsController);
 apiRouter.post("/getGuildDojo.php", getGuildDojoController);
 apiRouter.post("/getVoidProjectionRewards.php", getVoidProjectionRewardsController);
 apiRouter.post("/gildWeapon.php", gildWeaponController);