I have a local application that runs on a computer or within a local network, and I want to make it available through the Onion site. To provide access to a local application through the Onion site, I use Nginx as a proxy. Nginx listens for incoming requests on the Onion site and redirects them to my local application.I also have proxy settings, but I’m not sure if they are correct Here is my cors problem:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/sign_up. (Reason: CORS request did not succeed). Status code: (null).
Cookie “” has been rejected as third-party. sign_in
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/sign_in. (Reason: CORS request did not succeed). Status code: (null).
Backend has '*' in all origins. Here is my nginx hiddenservice.conf:
server {
listen 127.0.0.1:80;
listen 127.0.0.1:8000;
listen 3000;
listen 8000;
server_name HIDDEN_SERVICE_HERE.onion;
more_set_headers 'Server: Secure';
more_set_headers 'X-XSS-Protection: 1; mode=block';
root /var/www/hiddenservice;
index index.html;
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
location = / {
proxy_pass http://nextjs:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Access-Control-Allow-Origin *;
proxy_set_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
proxy_set_header Access-Control-Allow-Headers '*';
}
location = /_next/webpack-hmr {
proxy_pass http://nextjs:3000/_next/webpack-hmr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Access-Control-Allow-Origin *;
}
location / {
proxy_pass http://nextjs:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location = /error.html {
internal;
}
I really don't get whats wrong with nginx settings and why it blocks everything. I almost gave up with the .onion app, so thanks in advance for any little help with this shhhhhell.
P.SCORS Backend (here you can see how I frustratingly came to "*" ):
origins = [
"http://localhost:3000",
"https://localhost:3000",
"ws://localhost:3000",
"wss://localhost:3000",
"http://localhost:8000",
"https://localhost:8000",
"ws://localhost:8000",
"wss://localhost:8000",
"http://*.onion",
"ws://http://*.onion",
"ws*.onion",
"http*",
"ws*",
"*",
]
app.add_middleware(
CORSMiddleware,
allow_origins=origins,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"],
)
One of requests :
let response = await fetch(
"http://localhost:8000/sign_up",
{
method: "POST",
body: JSON.stringify(formState),
headers: {
"Content-Type": "application/json"
}
}
);
UPD: I run this using docker compose:
services:
db:
image: postgres:latest
restart: always
env_file:
- .env
networks:
- app-network
backend:
build:
context: .
dockerfile: DockerfileBackend
ports:
- "8000:8000"
networks:
- app-network
depends_on:
- db
nextjs:
build:
context: .
dockerfile: DockerfileFrontend
ports:
- "3000:3000"
networks:
- app-network
depends_on:
- db
- backend
nginx:
build:
context: .
dockerfile: Dockerfile
networks:
- app-network
depends_on:
- nextjs
networks:
app-network:
driver: bridge