I want to send a request from the content script to an external site, which requires a cookie to authenticate. I’m already logged in so I got the cookie, but couldn’t attach it to the fetch.
The response I got back was always 401 Unauthorized, and devtools showed that the request I sent didn’t contain the cookie at all. I even tried adding credentials: 'include' to the fetch’s options but nothing changed.
If I just paste the url into address bar, it works. But the same request from the extension has its cookies stripped out, it feels like. I don’t know where to go from here, is it actually not allowed in an extension?
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ...(the target url). (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’)
So it seems it’s out of my control, not sure what else I can do here.