From 9fe680def1ad117487a42e4968c94da9272b15af Mon Sep 17 00:00:00 2001 From: Dorian Date: Thu, 19 Mar 2026 17:11:40 +0000 Subject: [PATCH] fix: CORS headers on /lnd-connect-info for cross-origin LND UI fetch The LND UI runs on port 8081 (separate nginx container) but fetches /lnd-connect-info from port 80. This is cross-origin, so browsers block reading the response without CORS headers. Added dynamic Access-Control-Allow-Origin from $http_origin. Co-Authored-By: Claude Opus 4.6 (1M context) --- image-recipe/configs/nginx-archipelago.conf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/image-recipe/configs/nginx-archipelago.conf b/image-recipe/configs/nginx-archipelago.conf index c5bce9b6..0e4ca036 100644 --- a/image-recipe/configs/nginx-archipelago.conf +++ b/image-recipe/configs/nginx-archipelago.conf @@ -154,11 +154,13 @@ server { location /lnd-connect-info { # Backend is localhost-only (127.0.0.1:5678) — no cookie gate needed - # LND UI iframe fetch can't reliably send cookies in all browsers + # CORS: LND UI runs on :8081 (cross-origin to :80), needs CORS headers proxy_pass http://127.0.0.1:5678/lnd-connect-info; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Cookie $http_cookie; + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials "true" always; } # Content sharing — peer access over Tor (no auth) @@ -808,11 +810,13 @@ server { location /lnd-connect-info { # Backend is localhost-only (127.0.0.1:5678) — no cookie gate needed - # LND UI iframe fetch can't reliably send cookies in all browsers + # CORS: LND UI runs on :8081 (cross-origin to :80), needs CORS headers proxy_pass http://127.0.0.1:5678/lnd-connect-info; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Cookie $http_cookie; + add_header Access-Control-Allow-Origin $http_origin always; + add_header Access-Control-Allow-Credentials "true" always; } # Content sharing — peer access over Tor (no auth)