It is quite often with auth flows involving CLI tooling, notable awscli, the final redirect hop is POSTing back to an http://localhost:{port} address, which is the local CLI tool listening.
This is a bit annoying in Orion since it prompts every time. At least being able to "allow always" or some action would be nice.
I come from Firefox, and I don't even recall it ever prompting about this. Maybe it's aware of http://localhost being "secure" since it's not going over the network, I'm not sure.