insomnia icon indicating copy to clipboard operation
insomnia copied to clipboard
verified publisher icon Kong

Unable to login on web (https://app.insomnia.rest/app/authorize) with CORS issue

Open 2hyjun opened this issue 1 year ago • 12 comments

Expected Behavior

  1. Pressed Login button on Insomnia Mac OS application (2023.2.2)
  2. Chrome has been opened and redirected to https://app.insomnia.rest/app/authorize
  3. Login via Google and succeeded
  4. I have entered my correct passphrase, and it should be continued.

Actual Behavior

If I enter my passphrase and continue,

  1. 'Invalid passphrase, please try again' error is appearing.

It is the correct passphrase, and I did reset it several times

Access to fetch at 'https://api.insomnia.rest/auth/web-login-s' from origin 'https://app.insomnia.rest' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Failed to load resource: net::ERR_FAILED

And using CORS extensions doesn't work.

Reproduction Steps

You can see expected behavior

Is there an existing issue for this?

Additional Information

No response

Insomnia Version

2023.2.2

What operating system are you using?

macOS

Operating System Version

13.2.1 (22D68)

Installation method

download from insomnia.rest

Last Known Working Insomnia version

No response

2hyjun avatar Jul 03 '24 06:07 2hyjun

https://github.com/Kong/insomnia/assets/27001666/02d4d03e-d06e-45bc-b5f7-b341d8e18577

2hyjun avatar Jul 03 '24 06:07 2hyjun

@2hyjun are you by any chance using a Proxy or a VPN?

filfreire avatar Jul 03 '24 09:07 filfreire

@filfreire yes, I have a proxy for corporate security 😢. Is there any ways to login with the Proxy?

2hyjun avatar Jul 08 '24 07:07 2hyjun

@2hyjun I encourage you to try the latest beta version https://github.com/Kong/insomnia/releases/tag/core%409.3.3-beta.0

There is a new setting there that should help:

image

In your case you could try to disable the setting. Let us know if it helped.

filfreire avatar Jul 12 '24 15:07 filfreire

@filfreire Unfortunately, It doesn't work. Can the settings you mentioned above resolve my CORS error on the web?

https://github.com/user-attachments/assets/f175b800-52e3-463c-b507-2810249780e6

2hyjun avatar Jul 16 '24 07:07 2hyjun

Same here.

Access to fetch at 'https://api.insomnia.rest/auth/web-login-s' from origin 'https://app.insomnia.rest' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.Understand this error
api.insomnia.rest/auth/web-login-s:1 
        
        
       Failed to load resource: net::ERR_FAILED

monecchi avatar Aug 26 '24 01:08 monecchi

@monecchi @2hyjun I wonder if you enable any CORS plugin that blocks this request?

notjaywu avatar Aug 30 '24 15:08 notjaywu

Hi there. Thanks for replying. No, I haven't any Insomnia plugins that might be blocking those requests. Actually I had to enable a Chrome extension in order to enable a rule which allows *.insomnia.rest domain to successfully pass the browser CORS issue. If I remove the rule I created, the requests to insomnia.rest are blocked again. I'm using Chrome's latest version (128.0.6613.114) by the way.

Att. Adriano Monecchi @.*** Tel: +55 31 99679-5773

Em sex., 30 de ago. de 2024 às 12:03, Jay Wu @.***> escreveu:

@monecchi https://github.com/monecchi @2hyjun https://github.com/2hyjun I wonder if you enable any CORS plugin that blocks this request?

— Reply to this email directly, view it on GitHub https://github.com/Kong/insomnia/issues/7647#issuecomment-2321541876, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABICLJ2LA2VWMRJN2EZI6ATZUCCUXAVCNFSM6AAAAABKI3MRKGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRRGU2DCOBXGY . You are receiving this because you were mentioned.Message ID: @.***>

monecchi avatar Aug 30 '24 16:08 monecchi

@monecchi Can you review if any Chrome plugin or security policy will remove the Origin header or reset it to *? I'd suggest you use another browser.

image

notjaywu avatar Sep 01 '24 07:09 notjaywu

Hey 👋 everyone! For anyone having this issue because of a proxy config in their machine, we have an update in v10.1.0-beta where Insomnia now respects the System Proxy config if it's there. Please try the latest beta and let us know if it works as expected for you!

gatzjames avatar Sep 26 '24 14:09 gatzjames

Hi. I have a similar problem. I can't log in, I get the error "Try again after disabling any CORS extension from your computer." I don't use a proxy. Tried with and without VPN. Tried on versions 11.4.0 and 11.0.2. System Win 11 pro, Version 10.0.22631 Build 22631. Before that, Insomnia was lagging a lot. I decided to try re-login. Didn't work.

UPD: I tried Edge 138.0.3351.121 and Chrome 139.0.7258.67, disabled all protections that I found. Closed all applications. Disabled antivirus, firewall and almost all protections in the OS. The result is the same

https://github.com/user-attachments/assets/47397656-22b2-4140-9e61-218d9eb6e896

MexoOne avatar Aug 11 '25 13:08 MexoOne

Today I also got this behavior on my Mac.

17andrei17-ship-it avatar Oct 27 '25 11:10 17andrei17-ship-it