Host_permissions not allowing cors requests

I am developing a Manifest V3 extension for our web app. I am running into a CORS issue trying to use host_permissions.

I have added our domain to host_permissions as "host_permissions": ["*"], (except using our domain instead of When I try to make a fetch request to our domain it is being blocked with the error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [...] (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 302. The request is being made from a background script.

In Chrome I am able to make this request without CORS issues. The only difference is in Chrome I’m using a background service_worker instead of a background script.

The docs for host_permissions say that host_permission privileges include “fetch access to those origins without cross-origin restrictions.” Is there something else I need to add?

Thanks for your help!

I think host permission are not granted without user approval or something in MV3.

1 Like