CORS errors when using the "Quick OAuth Flow" auth troubleshooter

[anthony-c-martin]

Inspector Version

0.16.7

Describe the bug

I'm trying to troubleshoot a new remote MCP server, and see this error message:

When I look at the browser logs, I see the following, indicating the web requests aren't actually failing - it's just being blocked by my browser's CORS policy:

Access to fetch at 'https://<redacted>/.well-known/oauth-protected-resource' from origin 'http://localhost:6274' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

To Reproduce
Steps to reproduce the behavior:

1. Add remote server, click 'Connect'
2. Click on 'Auth'
3. Scroll down to 'Quick OAuth Flow'
4. See error

Expected behavior

1. The app is able to make requests regardless of CORS policy, or instructions are provided on how to run it in a way to bypass.
2. The error message is more descriptive of the problem, rather than indicating a generic problem has occurred.

Screenshots
See above

Environment (please complete the following information):

• OS: macOS (Tahoe 26.0)
• Browser: Edge

Additional context
N/A

[Xueyao-Huang]

same in 0.16.8