diff --git a/BTCPayServer/Filters/DomainMappingConstraintAttribute.cs b/BTCPayServer/Filters/DomainMappingConstraintAttribute.cs
index 5b3f5153d..ecb6a66a6 100644
--- a/BTCPayServer/Filters/DomainMappingConstraintAttribute.cs
+++ b/BTCPayServer/Filters/DomainMappingConstraintAttribute.cs
@@ -1,6 +1,6 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
+using BTCPayServer.Abstractions.Extensions;
 using BTCPayServer.Services;
 using Microsoft.AspNetCore.Mvc.ActionConstraints;
 using Microsoft.Extensions.DependencyInjection;
@@ -25,7 +25,7 @@ namespace BTCPayServer.Filters
         {
             var req = context.RouteContext.HttpContext.Request;
             var policies = context.RouteContext.HttpContext.RequestServices.GetService<PoliciesSettings>();
-            var mapping = policies?.DomainToAppMapping?.ToList() ?? new List<PoliciesSettings.DomainToAppMappingItem>();
+            var mapping = policies?.DomainToAppMapping?.ToList() ?? [];
             if (policies is { RootAppId: { } rootAppId, RootAppType: { } rootAppType })
             {
                 mapping.Add(new PoliciesSettings.DomainToAppMappingItem
@@ -37,7 +37,7 @@ namespace BTCPayServer.Filters
             }
 
             // If we have an appId, we can redirect to the canonical domain
-            if ((string)context.RouteContext.RouteData.Values["appId"] is string appId)
+            if ((string)context.RouteContext.RouteData.Values["appId"] is { } appId && !req.IsOnion())
             {
                 var redirectDomain = mapping.FirstOrDefault(item => item.AppId == appId)?.Domain;
                 // App is accessed via path, redirect to canonical domain