I am developing a Manifest V3 extension for our web app. I am running into a CORS issue trying to use host_permissions.
I have added our domain to host_permissions as "host_permissions": ["https://mozilla.com/*"], (except using our domain instead of mozilla.com). When I try to make a fetch request to our domain it is being blocked with the error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [...] (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 302. The request is being made from a background script.
In Chrome I am able to make this request without CORS issues. The only difference is in Chrome I’m using a background service_worker instead of a background script.
The docs for host_permissions say that host_permission privileges include “fetch access to those origins without cross-origin restrictions.” Is there something else I need to add?
Thanks for your help!