5

We are having a strange issue regarding CORS from our chrome extension. We are using manifest V3 and have the path set up in host permissions correctly.

We know it's correct, because when you load the extension for the first time, nothing breaks. But if you switch the extension off, then back on again, we get a CORS issue.

The backend is receiving the requests still so I know it's not an 'allowance' issue. Not sure how this is happening but would welcome some help.

  "host_permissions": [
    "http://localhost:3000/*",
    "https://*.ourdomain.com/*",
    "https://maps.googleapis.com/maps/api/place/autocomplete/json"
  ],

Error

Access to fetch at 'https://api.ourdomain.com/api/v1/auto_login/' from origin 'chrome-extension://nlbdcdgjnplflacipfcamfcpogbfmbjl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Many thanks

bubbaspaarx
  • 616
  • 4
  • 15

1 Answers1

1

We fixed it. We have a rails backend with rack-cors gem. The issue with this gem is that it doesn't accept any host other than http, https, file. So chrome-extension://******** naturally failed. I still don't understand why it worked then stopped working and this potentially highlights an issue with the gem.

Removing the host so it left our chrome extension ID as the origin allowed CORS to pass.

bubbaspaarx
  • 616
  • 4
  • 15