CORS Policy for Addon request

We are calling multiple APIs in our addon to enable a lot of features in our addon. But our application server is rejecting the request due to a CORS error.

We tried whitelisting the origin which is generated in the addon, but it seems the origin changes on every installation on any machine.

I cannot allow all domains to call my API. Basically, I cannot allow “*” as the CORS policy on the application server.

Please help us with suggestions on:

  1. How to make the addon origin as some static UUID value.
  2. How to configure application server CORS policy to allow only my addon to make API calls?

A similar issue has been recently discussed here:

I have several addons that communicate with my server and I’ve never had issues with CORS, that is, when the request was sent from the background script or from the extension page (so not a content script), and while my addon had the host permission for my server domain name.

And this should work without disabling CORS on your server, and without whitelisting your addon UUID.

Yes…but, as you will see from the problem discussed above, my add-on also had host permission for my server’s domain name and I was sending requests from the background script.
Unfortunately, we have not found a solution (I’m still open to any kind of help or advice).

Could you post here the screenshot of the headers of the problematic request, in the Network tab?
Like this:

Also, any chance something is modifying your request/response headers?

Confirm that the background script is properly configured and running in your add-on. Look for any console errors in the background script by checking the browser’s developer tools.
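
Several replies above turn on whether the add-on's host permission really covers the server's URL. As an added example (not code from any poster in this thread), the JavaScript below checks a manifest's host match patterns against an API URL. The manifest, domains and function names are constructed for illustration, and the sketch handles only http(s) URLs.

```javascript
// Added example: does any host permission in a manifest cover a given API URL?
// Hypothetical helper names; manifest and URLs are constructed sample values.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function matchPatternCovers(pattern, url) {
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  if (scheme !== "http" && scheme !== "https") return false; // sketch: http(s) only
  if (pattern === "<all_urls>") return true;
  // <scheme>://<host><path>, host is "*", "*.base" or an exact name
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) return false; // not a pattern this sketch understands
  const [, pScheme, pHost, pPath] = m;
  if (pScheme !== "*" && pScheme !== scheme) return false;
  const host = u.hostname.toLowerCase(); // hostname excludes the port
  if (pHost.startsWith("*.")) {
    // "*.example.org" covers example.org and every subdomain of it
    const base = pHost.slice(2).toLowerCase();
    if (host !== base && !host.endsWith("." + base)) return false;
  } else if (pHost !== "*" && host !== pHost.toLowerCase()) {
    return false; // exact host: a subdomain such as api.<host> is NOT covered
  }
  // In the path part, "*" stands for any run of characters
  const pathRe = new RegExp("^" + pPath.split("*").map(escapeRe).join(".*") + "$");
  return pathRe.test(u.pathname + u.search);
}

function hostPermissionsFor(manifest) {
  // Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions
  return [...(manifest.host_permissions || []), ...(manifest.permissions || [])]
    .filter((p) => p === "<all_urls>" || p.includes("://"));
}

function coveringPatterns(manifest, url) {
  return hostPermissionsFor(manifest).filter((p) => matchPatternCovers(p, url));
}

// Constructed sample manifest fragment
const sampleManifest = {
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://example.com/*", "https://*.example.org/api/*"],
};

// An empty result means no host permission applies to that API URL
console.log(coveringPatterns(sampleManifest, "https://api.example.com/v1/items"));
```
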