I have a feeling you should be using declarativeNetRequestWithHostAccess instead of declarativeNetRequest. They are the same, but one is alerted to users and the other one is not.
And since you already have "<all_urls>" permission, you have access to all hosts, so declarativeNetRequestWithHostAccess will work as expected.
Note that “Access your data for all websites” warning is caused by the "<all_urls>" permission, but I’m not sure you can avoid that.