In a previous commit, a new proxy endpoint was added to the backend to resolve CORS errors that occurred when the frontend directly fetched data from Risu Realm.
However, the proxy endpoint handler failed to properly process POST requests, causing account login failures. Additionally, the backend was inefficiently performing complex body processing.
The updated code now directly pipes the original request, providing a more efficient and reliable solution.
Problem:
The Node.js hosted version of RisuAI encountered an issue where it failed to fetch data from the Risu Realm server when accessed remotely.
RisuAI's frontend directly fetches data from the Realm server (e.g., sv.risuai.xyz). While the official web version did not exhibit CORS errors (potentially due to same-origin deployment or specific server-side CORS configurations), running the Node.js version on a self-hosted server and accessing it remotely resulted in browser CORS policy violations.
Solution:
The fix involves detecting when the frontend runs in the Node.js host environment.
When this environment is detected, instead of requesting Realm data directly from the external server (sv.risuai.xyz), the frontend now directs the request to a new proxy endpoint (`/hub-proxy/*`) on its own backend server.
The backend proxy then fetches the required data (including JSON and images) from the actual Realm server, correctly handles content types and compression, and relays the response back to the frontend.
This ensures that, from the browser's perspective, the frontend is communicating with its same-origin backend, effectively bypassing browser CORS restrictions and resolving the data fetching issue.
The Node.js hosting version of RisuAI previously used simple app.listen for server execution, which didn't support native HTTPS. This caused several functionality issues due to browser security restrictions when accessing RisuAI externally, such as realm loading failures and inability to insert prompt presets.
The updated code now checks for certificate files named server.key and server.crt in the /server/node/ssl/certificate directory. If found, the server will start using HTTPS.
The /ssl directory includes a script to generate a self-signed SSL certificate using OpenSSL. To use it, add the server's public IP to the [ alt_names ] section in server.conf before generating the certificate. The CA certificate should be installed on the operating system or browser of devices remotely accessing RisuAI.
For production use with a domain, it's recommended to use a certificate from an official Certificate Authority.
