Giantrabbit need a reverse proxy for requests on donate-api
To make donations work on the donate.tpo onion service address Giant rabbit need a reverse proxy setup in order to be able to set a cookie.
This solution will also allow them to address the problem with donations via Paypal.
In fact, the problem with PayPal has to do with the "first party isolation" feature. PayPal gets launched in a separate tab and once you login to paypal and authorize the payment, it usually closes that tab and sends you back to the original donation page, but in the Tor Browser it can't communicate back to the original destination page so it falls back to an older mechanism and makes a GET request to the donate-api site.
When giantrabbit encountered this problem a few years ago, we did some work to work around it by storing the form choices in local storage and then sending it over with this GET request, but that also doesn't work with the two site donation server setup because of restrictions of the donate site accessing local storage for the donate-api site. The reverse proxy also fixes this problem.
What they need is the following setup for donate.tpo and https://lektor-staging.torproject.org/donate/staging/:
SSLProxyEngine on
ProxyPass "/api" "https://donate-api.torproject.org"
ProxyPassReverse "/api" "https://donate-api.torproject.org"
And would need mod_proxy and mod_proxy_http enabled. [In the case of staging it should be proxied to staging.donate-api]
donate.tpo is currently part of the static websites rotation.