GitLab

I'm running a hidden service on my raspberry pi. My pi is running a docker container with tor running version 0.4.1.6 although a few other pis have lower versions and still see this issue. On the pi I also run a few apis and a Vuejs application.

Previously while running version 8.5.5, when making http requests (I'm not using https), the request header origin was always supplied and my cross origin policy was fine. However, with 9.0.0 the request header origin is not passed via a standard http request. Then the Tor browser throws this, "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://OMITTED.onion:3000/OMITTED/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing"

Was this an intentional change or a bug? Is there any settings I could change in the browser to alleviate this?

Trac:
Username: stridentbean