diff --git a/frappe/desk/reportview.py b/frappe/desk/reportview.py
index cc7688b7f0..ef7f5918e7 100644
--- a/frappe/desk/reportview.py
+++ b/frappe/desk/reportview.py
@@ -28,6 +28,8 @@ def get_form_params():
 	data = frappe._dict(frappe.local.form_dict)
 
 	del data["cmd"]
+	del data["data"]
+
 	if "csrf_token" in data:
 		del data["csrf_token"]
 
diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index 66238dd4b0..9e64b913c3 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -747,6 +747,7 @@ def get_list(doctype, *args, **kwargs):
 	'''wrapper for DatabaseQuery'''
 	kwargs.pop('cmd', None)
 	kwargs.pop('ignore_permissions', None)
+	kwargs.pop('data', None)
 
 	# If doctype is child table
 	if frappe.is_table(doctype):
diff --git a/frappe/public/js/frappe/request.js b/frappe/public/js/frappe/request.js
index 031ab6f0c1..08bf71f381 100644
--- a/frappe/public/js/frappe/request.js
+++ b/frappe/public/js/frappe/request.js
@@ -75,6 +75,12 @@ frappe.call = function(opts) {
 		}
 	}
 
+	let url = opts.url;
+	if (!url) {
+		url = '/api/method/' + args.cmd;
+		delete args.cmd;
+	}
+
 	return frappe.request.call({
 		type: opts.type || "POST",
 		args: args,
@@ -87,7 +93,7 @@ frappe.call = function(opts) {
 		headers: opts.headers || {},
 		// show_spinner: !opts.no_spinner,
 		async: opts.async,
-		url: opts.url || frappe.request.url,
+		url,
 	});
 }