The default Ripple option is to use a remote proxy, so all calls go through e.g. https://rippleapi.herokuapp.com/xhr_proxy?tinyhippos_apikey=ABC&tinyhippos_rurl=https%3A//login.somehost.net/common/oauth2/token.
This is a terrible option because the information that user is sending may be extremely security sensitive.
You can set the proxy to be local, but you’d need to specify that every time you launch Chrome.
Using local proxy is more common practice, and maybe it should be used by default?