CORS Policy for Addon request

barraiser · October 28, 2024, 12:05pm

We are calling multiple APIs in our addon to enable lot of features in our addon. But our application server is rejecting the request due to CORS error.

We tried whitelisting the origin which in generated in the addon but it seems the origin changes on every installation on any machine.

I can not all all domains to call my API. Basically I can not allow “*” as CORS policy on application server.

Please help us with the suggestion on

How to make the addon origin as some static UUID value.
How to configure application server CORS policy to allow only my addon to make API calls?

juraj.masiar · October 28, 2024, 12:41pm

Similar issue has been recently discussed here:

I have several addons that communicate with my server and I’ve never had issues with CORS, that is when the request was send from background script or from the extension page (so not a content script), and while my addon had the host permission for my server domain name.

And this should work without disabling CORS on your server, and without whitelisting your addon UUID.

Patpa99 · October 28, 2024, 1:27pm

Yes…but, as you will see from the problem discussed above, my add-on also had host permission for my server’s domain name and I was sending requests from the background script.
Unfortunately we have not found a solution (I’m still open to any kind of help or advice)

juraj.masiar · October 28, 2024, 2:09pm

Could you post here the screenshot of the headers of the problematic request, in the Network tab?
Like this:

Also, any chance something is modifying your request/response headers?

jessica1 · December 4, 2024, 6:34pm

Confirm that the background script is properly configured and running in your add-on. Look for any console errors in the background script by checking the browser’s developer tools.

jessica1 · December 6, 2024, 1:43am

This post was flagged by the community and is temporarily hidden.