0

We have a legacy website which I'd like to supplement with a chrome extension as a temporary measure.

The site is set up with Spring Security and each request is authenticates with an access token.

I have tried creating an extension that makes a request to the endpoint visible from network requests with the correct data but the endpoint does not respond at all.

Running the same code directly on the website through DevTools gives me a proper response, so I'm thinking the error is due to CORS.

Is there a way to make a chrome extension run code directly on the page so there wouldn't be any CORS issues or should I approach this issue a different way?

Allan P
  • 73
  • 6
  • If you make a `GET` request in the content script it should be the same as the one performed by the site whereas methods like `PUT` or `POST` would add `Origin` of the extension. Anyway, you can fully impersonate the [page context](/a/9517879) or use chrome.webRequest.onBeforeSendHeaders in the background script to change the headers of your own requests made via fetch/xhr. – wOxxOm Oct 03 '20 at 13:42
  • Thanks for your comment. Is there a way to change the origin for a post/put to be for the site? @wOxxOm – Allan P Oct 03 '20 at 15:00

0 Answers0