OTP / 2FA not working due to CORS, systemwide

Hey guys,

currently I can't use 2FA because my browser (FF, Chrome) blocks it.
Console says due to CORS. On my macbook it's working.

I thought the expansions are the cause, but since they are identical for my mac, I would rule it out.

So my question, does someone know if it is possible on Windows 10 to block CORS request or has an idea where to look for an additional config setting?

Best regards
Hendrik


1Password Version: 7.6.791
Extension Version: 4.7.5.90
OS Version: Windows 10 Pro 20H2
Sync Type: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @TheFan! Welcome to the forum!

    For clarification, what happens exactly when you try to use 2FA on this computer? Do you get an error message?

  • TheFan
    TheFan
    Community Member

    Hi Ana,

    let's say I'd like to login to Reddit. When I provide the 2FA Code, Reddit would tell me that this code is not correct.
    Which can't be the case, since the same login is used on my mac (and working for that matter).

    When I looked into the browser console, I saw that everytime i'm POSTing my 2FA Code, all my browsers will block this request with the notice due to CORS. (Example:

    "Cross-Origin Request Blocked: The Same Origin Policy disallows
    reading the remote resource at https://some-url-here. (Reason:
    additional information here).

    ")
    So from my understanding I don't have any local server running which would take the request (which would then be cause for CORS), so I'm a little bit lost.

    Things I tried:
    Resetting Browser by removing pref.js from FF
    Changeing DNS Server
    Using 2FA Code from 1Password for Android and typing it in by hand.

    Things I didn't do:
    Tampering with plugins to enable CORS for development.

  • Hi @TheFan 👋

    CORS feels like a weird thing here, because it doesn't make sense that Reddit would reject the login attempt and have CORS play a role at the same time.

    Could you first make sure that your system clock is correct? This will help us rule out Reddit possibly using some timestamp from the browser to see if the 2FA request was valid was it was sent.

    Likewise, are you by any chance behind any kind of VPN or Proxy while encountering this?

  • TheFan
    TheFan
    Community Member

    Hey Blake,

    thanks for the tip. Last sync successful time sync was around October. I pushed the "Now sync" button and tried login to Reddit.
    And the login went through. 🥳

    FYI for future reference PayPal seems to use the same mechanism.

  • That's more like it! I'm glad to hear that fixed things up and got things working properly again!

    I'll definitely make sure to keep this in my playbook for the next time we run into this. Appreciate the follow-up! 💙

This discussion has been closed.