ember-market-frontend/TOR-README.md

# Ember Market on Tor

This document explains how to run Ember Market in a Tor-friendly way, ensuring compatibility with .onion domains and the Tor network.

## Tor-Optimized Configuration

The application is designed to work seamlessly with Tor by:

1. Using relative URLs throughout the codebase
2. Avoiding hardcoded domain names
3. Ensuring all API requests work regardless of the domain

## Running in Tor Mode

To start the application in Tor mode:

```bash
# Development
npm run dev:tor

# Production
npm run start:tor
```

These commands use the `.env.tor` configuration file, which sets appropriate environment variables for Tor usage.

## Accessing via .onion Domain

When deployed to a Tor hidden service:

1. The application automatically detects the .onion domain
2. All API requests are made relative to the current domain
3. No changes are needed to the codebase or configuration

## Security Considerations for Tor

- All API requests use relative URLs to prevent domain leakage
- Authentication is performed on the same domain to maintain anonymity
- No external resources are loaded that could compromise Tor anonymity

## Deployment to a Tor Hidden Service

To deploy as a Tor hidden service:

1. Set up a Tor hidden service pointing to the application port (default: 3000)
2. Use the `start:tor` script to ensure proper environment variables
3. The application will automatically work with the .onion domain

## Checking Tor Compatibility

To verify the application is working correctly with Tor:

1. Check network requests in the browser's developer tools
2. All API requests should go to relative paths (e.g., `/api/auth/me`)
3. No absolute URLs should be used in requests

## Troubleshooting Tor Issues

- If authentication fails, check that cookies are enabled in your Tor browser
- If API requests fail, verify that the application is accessible via the .onion domain
- For security issues, ensure JavaScript is enabled for the .onion domain in Tor browser settings