I just tried to check if I can port one of my extensions to MV3 using this guide, and it seems that I can not use cross-origin requests from the background script in any way.
A sample repo of a stub addon is located here. It has permission for all urls (neither “<all_urls>”, nor ", “
*://*/*” works) and tries to fetch https://gutenberg.org but fails with the following error: “Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://gutenberg.org/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.”
The request contains “Origin” header with
moz-extension://<extension id> URL. It is not possible to remove this header even using blocking web requests API, which was possible in MV2. “connect-src http://* https://*” in addon CORS settings also does not help.
Haven’t found any bugs on bugzilla. Are cross-origin requests forbidden in MV3?