0

I've been trying for a while to make a HTTP REST API call from the frontend JS running on any page in my chrome extension to my backend server. I've read many stackoverflow answers but still haven't found anything good enough.

I have credentials: "include" and mode: "cors" set in my fetch call on the frontend. And I have Access-Control-Allow-Origin: * on the backend response set as well.

But the network request always fails due to a CORS error.

My chrome extension has code that runs on any webpage on any domain, so I'm effectively making the API call from an arbitrary domain to my http://localhost:8000 backend address, so e.g. I could make a call from "google.com" to my localhost address.

Also, I'm using chrome manifest v3. (I've also set "host_permissions": ["*://*/*", "http://localhost/*"], in the extension manifest file)

I believe I can move the API request to my backend work if I moved the call to a background service worker, but I'm really just curious as to whether or not it's even possible to do this cross origin request at all from a regular webpage. Any advice?

rasen58
  • 4,672
  • 8
  • 39
  • 74

1 Answers1

0

Sorry never mind, I just had to disable Block insecure private network requests. in chrome since that's what was blocking the local request

rasen58
  • 4,672
  • 8
  • 39
  • 74
  • Chrome intentionally disallows any cross-origin requests from content scripts, so if you want your extension to work for general public you need to make the request in the background script as explained in [this answer](https://stackoverflow.com/a/55292071). – wOxxOm Aug 27 '22 at 06:53
  • 1
    Ah I see, that was helpful thanks. I made a chrome extension previously and did not run into that limitation which is why I was confused when doing it now but I see that that was added in a later chrome update which makes sense thanks – rasen58 Aug 27 '22 at 13:50