Unable to login on web (https://app.insomnia.rest/app/authorize) with CORS issue

[2hyjun]

Expected Behavior

1. Pressed Login button on Insomnia Mac OS application (2023.2.2)
2. Chrome has been opened and redirected to https://app.insomnia.rest/app/authorize
3. Login via Google and succeeded
4. I have entered my correct passphrase, and it should be continued.

Actual Behavior

If I enter my passphrase and continue,

1. 'Invalid passphrase, please try again' error is appearing.

It is the correct passphrase, and I did reset it several times

Access to fetch at 'https://api.insomnia.rest/auth/web-login-s' from origin 'https://app.insomnia.rest' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Failed to load resource: net::ERR_FAILED

And using CORS extensions doesn't work.

Reproduction Steps

You can see expected behavior

Is there an existing issue for this?

• I have searched the issue tracker for this problem.

Additional Information

No response

Insomnia Version

2023.2.2

What operating system are you using?

macOS

Operating System Version

13.2.1 (22D68)

Installation method

download from insomnia.rest

Last Known Working Insomnia version

No response

[2hyjun]

CleanShot.2024-07-03.at.15.11.48.mp4

[filfreire]

@2hyjun are you by any chance using a Proxy or a VPN?

[2hyjun]

@filfreire yes, I have a proxy for corporate security 😢.
Is there any ways to login with the Proxy?

[filfreire]

@2hyjun I encourage you to try the latest beta version https://github.com/Kong/insomnia/releases/tag/core%409.3.3-beta.0

There is a new setting there that should help:

In your case you could try to disable the setting. Let us know if it helped.

[2hyjun]

@filfreire
Unfortunately, It doesn't work.
Can the settings you mentioned above resolve my CORS error on the web?

CleanShot.2024-07-16.at.15.58.13.mp4

[monecchi]

Same here.

Access to fetch at 'https://api.insomnia.rest/auth/web-login-s' from origin 'https://app.insomnia.rest' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.Understand this error
api.insomnia.rest/auth/web-login-s:1 
        
        
       Failed to load resource: net::ERR_FAILED

[notjaywu]

@monecchi @2hyjun I wonder if you enable any CORS plugin that blocks this request?

[monecchi]

Hi there. Thanks for replying. No, I haven't any Insomnia plugins that might be blocking those requests. Actually I had to enable a Chrome extension in order to enable a rule which allows *.insomnia.rest domain to successfully pass the browser CORS issue. If I remove the rule I created, the requests to insomnia.rest are blocked again. I'm using Chrome's latest version (128.0.6613.114) by the way. Att. Adriano Monecchi ***@***.*** Tel: +55 31 99679-5773 Em sex., 30 de ago. de 2024 às 12:03, Jay Wu ***@***.***> escreveu:

…

@monecchi <https://github.com/monecchi> @2hyjun <https://github.com/2hyjun> I wonder if you enable any CORS plugin that blocks this request? — Reply to this email directly, view it on GitHub <#7647 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABICLJ2LA2VWMRJN2EZI6ATZUCCUXAVCNFSM6AAAAABKI3MRKGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRRGU2DCOBXGY> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[notjaywu]

@monecchi Can you review if any Chrome plugin or security policy will remove the Origin header or reset it to *? I'd suggest you use another browser.

[gatzjames]

Hey 👋 everyone! For anyone having this issue because of a proxy config in their machine,
we have an update in v10.1.0-beta where Insomnia now respects the System Proxy config if it's there.
Please try the latest beta and let us know if it works as expected for you!