I know there are hundreds, (maybe more) similar questions on here, I checked almost all of them but none was helpful because I think my issue is totally different.
I developed a web app (A chat web app) using Flutter and Firebase that can be used and run normally on normal browsers e.g; Chrome, Safari, Firefox, .. etc, however, when I run it on tor it loads perfectly, but only when I try to log in or register I get these two errors in the tor browser console:`
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=AIzaSyDp0fmvGxlSPXR8_4DVW6oKNBTKUFODDSs. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=AIzaSyDp0fmvGxlSPXR8_4DVW6oKNBTKUFODDSs. (Reason: CORS request did not succeed). Status code: (null)`
Not to mention, I can still log in / register on tor if I use the original hostname of the web app (clearnet version), but the onion link that I got from tor for my web app while setting up the hidden service is what causing the errors, so I don't know if it is the tor or Nginx causing the main problem..
I tried using this in nginx configuration:
`
server {
listen 8444;
server_name mysite.onion;
location / {
root /var/www/mysite;
index index.html;
# Add CORS headers
add_header 'Access-Control-Allow-Origin' 'https://mysite.onion' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Con>
# Optional: Add more CORS headers if needed
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}`
I also added the onion domain in the firebase console (Authorised Domains) ..
Any help would be highly appreciated..