NextChat http自定义 API 仅支持 localhost，使用非本机 ip 或 url 均无法访问[Bug]

Bug Description

自定义接口使用本地部署的 API可以正常使用，使用非本机部署的API 显示 failed to load 或 failed to fetch。部署的 API 应该没有问题，在本机通过端口转发将外部 ip 对应端口映射至本地也可正常使用。

Steps to Reproduce

1.使用本地部署 api： 2.使用非本机部署 api：

Expected Behavior

使用 http+外部 ip 的 API 也可以正常使用。

Screenshots

No response

Deployment Method

[X] Docker
[ ] Vercel
[ ] Server

Desktop OS

Macos

Desktop Browser

No response

Desktop Browser Version

No response

Smartphone Device

No response

Smartphone OS

No response

Smartphone Browser

No response

Smartphone Browser Version

No response

Additional Logs

No response

Feb 21 '24 07:02 wjfu99

Bot detected the issue body's language is not English, translate it automatically.

Title: http custom API only supports localhost, and cannot be accessed using non-native IP or url [Bug]

Feb 21 '24 07:02 Issues-translate-bot

from you screenshot it seems to the cors issue with your openai api provider?

Feb 21 '24 13:02 fred-bf

from you screenshot it seems to the cors issue with your openai api provider?

but if i forward the api provider ip&port to local, then the nextweb works well, it's very strange. By the way, the api provider is deployed in a server on the same subnet, and i currently use vscode for prot forwarding.😂

Feb 21 '24 13:02 wjfu99

sorry, close the issue by accident.

Feb 21 '24 13:02 wjfu99

from you screenshot it seems to the cors issue with your openai api provider?

Besides, I can access the API service well via curl command:

curl --location 'http://ip:port/v1/chat/completions' \
--header 'Content-Type: application/json' \
--header 'Authorization: xxxxx' \
--data '{
  "model": "gpt-4",
  "messages": [ {"role": "user", "content": "hello"}]
}'

the api service also works with a congeneric app ChatX, but in NextChat, it still not work.

Feb 22 '24 00:02 wjfu99

I have used Burp Suite to capture http package, and the result demonstrate that when using a API deployed in localhost, the request packages are sent correctly:

OPTIONS /v1/chat/completions HTTP/1.1
Host: localhost:1999
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-requested-with
Origin: https://app.nextchat.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close

POST /v1/chat/completions HTTP/1.1
Host: localhost:1999
Content-Length: 773
sec-ch-ua: "Chromium";v="121", "Not A(Brand";v="99"
Accept: application/json, text/event-stream
Content-Type: application/json
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
sec-ch-ua-platform: "macOS"
Origin: https://app.nextchat.dev
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close

{"messages":[{"role":"system","content":"\nYou are ChatGPT, a large language model trained by OpenAI.\nKnowledge cutoff: 2021-09\nCurrent model: gpt-4\nCurrent time: 2/22/2024, 9:31:13 AM\nLatex inline: $x^2$ \nLatex block: $$e=mc^2$$\n\n"},{"role":"user","content":"hello"},{"role":"assistant","content":"Hello! How can I assist you today?"},{"role":"user","content":"0.0.0.0 是监听本机所有 ip 吗"},{"role":"assistant","content":"\n\nUnauthorized access, please enter access code in [auth](/#/auth) page, or enter your OpenAI API Key.\n\n```json\n{\n  \"error\": \"Unauthorized\"\n}\n```"},{"role":"user","content":"docker -e 可以添加多个环境变量吗"}],"stream":true,"model":"gpt-4","temperature":0.5,"presence_penalty":0,"frequency_penalty":0,"top_p":1}

And if I set the endpoint API to another subnet host (Like http://222.21.136.207:1999), then no http package is captured, and the NextChat just raise an error:

However, if I set the API to localhost back, then capture and redirect the http package to the subnet host. In this way, NextChat can receive the response package from the subnet host and works correctly, which can not achieved by directly set the subnet host API as the endpoint API in the configuration.

Feb 22 '24 01:02 wjfu99

你是不是使用了 NAT 进行了端口映射，这可能会有 NAT 环回的问题。

Feb 22 '24 02:02 SubtleSpark

Bot detected the issue body's language is not English, translate it automatically.

Have you used NAT for port mapping? This may cause NAT loopback problems.

Feb 22 '24 02:02 Issues-translate-bot

你是不是使用了 NAT 进行了端口映射，这可能会有 NAT 环回的问题。

我应该没有主动配置 NAT 端口映射，而且 NAT 环回会导致 NextChat这类 app不能 send url request 吗？主要用 curl又是好的，就很奇怪。

Feb 22 '24 03:02 wjfu99

Bot detected the issue body's language is not English, translate it automatically.

Have you used NAT for port mapping? This may cause NAT loopback problems. I should not have actively configured NAT port mapping, and will NAT loopback prevent apps like NextChat from sending url requests? Mainly using curl is fine, but it's strange.

Feb 22 '24 03:02 Issues-translate-bot

Same problem, Macos + Docker, Set api to localhost works fine, but it won't work if set to my own server ip, but I can access the api service well via python script.

Feb 22 '24 03:02 WAGMY

Same problem, Macos + Docker, Set api to localhost works fine, but it won't work if set to my own server ip, but I can access the api service well via python script.

Supplement: If using windows nextchat client, it work fine if set to my own server ip

Feb 22 '24 03:02 WAGMY

Same problem, Macos + Docker, Set api to localhost works fine, but it won't work if set to my own server ip, but I can access the api service well via python script.

Supplement: If using windows nextchat client, it work fine if set to my own server ip

Very useful information, i'm a mac user too, and the nextchat web also didn't work on ios device. i will test it on windows later.

Feb 22 '24 04:02 wjfu99

Same problem. I hosted a OpenAI-Like API on server and it works fine with curl(on macos)/Next-Web(on windows client),but raised a error using Next-Web(on macos client)

curl(on macos): Next-Web(on windows client): Just works fine. Next-Web(on macos client):

Feb 22 '24 04:02 daobee

@fred-bf I believe the bug tag should be added back, since another issue #2810 reveals this bug too. This bug seems to exist for a period.

Feb 22 '24 11:02 wjfu99

I don't have any issues with this; it has been running on Kubernetes (k8s) without problems

Feb 22 '24 12:02 H0llyW00dzZ

I don't have any issues with this; it has been running on Kubernetes (k8s) without problems

Are you using an Mac client? It seems that the issue only exist on Mac.

Feb 22 '24 12:02 wjfu99

I don't have any issues with this; it has been running on Kubernetes (k8s) without problems

Are you using an Mac client? It seems that the issue only exist on Mac.

right now I am using windows client and using port-forward pods k8s

Feb 22 '24 14:02 H0llyW00dzZ

kind reminder, ur api domain exposed in ur first image

Feb 23 '24 05:02 LimLLL

I just tried build a development macOS client, it could make request to custom ip. But when switching to a online version, I could reproduce this issue. It might be released to tauri production build configuration?

Feb 23 '24 06:02 fred-bf

I just tried build a development macOS client, it could make request to custom ip. But when switching to a online version, I could reproduce this issue. It might be released to tauri production build configuration?

no,the problem its not only desktop

Feb 24 '24 01:02 H0llyW00dzZ

I just tried build a development macOS client, it could make request to custom ip. But when switching to a online version, I could reproduce this issue. It might be released to tauri production build configuration?

Supplement: the same problem also occurs on the online web version (app.nextchat.dev) and the self-deployed vercel version. Hope this info help.

Feb 24 '24 06:02 wjfu99

@wjfu99 For web version, plz check whether its blocked by mixed https content CleanShot 2024-02-26 at 12 39 17@2x

Feb 26 '24 04:02 fred-bf

@fred-bf Hi, you are absolutely right! i check the console log, and find the mixed content error: So, this issue on web version can be solved by allowing the insecure content in website permission: By the way, do you have any ideas on how to solve this problem in the local client version?🤣

@wjfu99 For web version, plz check whether its blocked by mixed https content

Feb 26 '24 06:02 wjfu99

close for now, please feel free to report if you encounter any additional issue

Feb 26 '24 09:02 fred-bf

how fix

May 04 '24 14:05 hhhaiai

Bot detected the issue body's language is not English, translate it automatically.

how fix

May 04 '24 14:05 Issues-translate-bot

how can i do, how fix

机器人检测到问题主体的语言不是英语，请自动翻译。

如何修复

May 04 '24 14:05 hhhaiai

Bot detected the issue body's language is not English, translate it automatically.

how can i do, how to fix

The robot has detected that the language of the subject of the question is not English, please automatically translate it.

How to fix ![image](https://private-user-images.githubusercontent.com/5738285/327954880-0e3a05d4-da42-4056-85df-6fe609d76cef.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3 MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTQ4MzMxMjAsIm5iZiI6MTcxNDgzMjgyMCwicGF0aCI6Ii81NzM4Mj g1LzMyNzk1NDg4MC0wZTNhMDVkNC1kYTQyLTQwNTYtODVkZi02ZmU2MDlkNzZjZWYucG5nP1g tQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT 0RZTFNBNTNQUUs0WkElMkYyMDI0MDUwNCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0 JlgtQW16LURhdGU9MjAyNDA1MDRUMTQyNzAwWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWdu YXR1cmU9OWUxYjNiNmUxNTRiMTJhY2Q5MDY2NWYyZGMwY2Q4MDE5ZGFjMzFiYmU4ZWJmNjJhZjFiYTYzOGVmNmZjYjBlZSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZX lfaWQ9MCZyZXBvX2lkPTAifQ.Ma7l5oByAFB58FYLkdrmTJqoY3wcsODa_fFWS1s4bG0)

May 04 '24 14:05 Issues-translate-bot

@hhhaiai you can solve this by allowing the insecure content in website permission (chrome and edge should both support that): refer to this reply

May 06 '24 12:05 wjfu99