Evilginx and CORS

Family_Time_KIDDIES · June 5, 2025, 6:05am

Hey guys, quick question about Evilginx and CORS.

I’ve set up my Nginx reverse proxy to pass traffic to Evilginx on port 8080, and I added the typical CORS headers in the Nginx config:

add_header ‘Access-Control-Allow-Origin’ ‘*’;
add_header ‘Access-Control-Allow-Methods’ ‘GET, POST, OPTIONS’;
add_header ‘Access-Control-Allow-Headers’ ‘Content-Type, Authorization’;

But I’m still running into CORS issues when trying to fetch data or load in browsers or scripts.

Has anyone here gotten CORS to work properly with Evilginx?
Do I need to do anything special on the Evilginx side, or is it all handled at the Nginx proxy level?

Appreciate any help you can offer

fluxxset · June 5, 2025, 6:08am

i think its nginx issue it suppose to forword all haders but it is not .

fluxxset · June 5, 2025, 6:09am

try

# --- Standard Proxy Headers ---
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

Family_Time_KIDDIES · June 5, 2025, 10:17am

Thanks bro, I added those proxy headers you mentioned — Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto. The config test passed and I reloaded Nginx. Fingers crossed now! If anything still acts up, I’ll let you know .