Cross-origin request in a content script is blocked by CORB despite the correct CORS headers

by

Based on the examples in “Changes to Cross-Origin Requests in Chrome Extension Content Scripts”, I replaced all invocations of fetch with a new method fetchResource, that has a similar API, but delegates the fetch call to the background page:

// contentScript.js
function fetchResource(input, init) {
  return new Promise((resolve, reject) => {
    chrome.runtime.sendMessage({input, init}, messageResponse => {
      const [response, error] = messageResponse;
      if (response === null) {
        reject(error);
      } else {
        // Use undefined on a 204 - No Content
        const body = response.body ? new Blob([response.body]) : undefined;
        resolve(new Response(body, {
          status: response.status,
          statusText: response.statusText,
        }));
      }
    });
  });
}

// background.js
chrome.runtime.onMessage.addListener(function(request, sender, sendResponse) {
  fetch(request.input, request.init).then(function(response) {
    return response.text().then(function(text) {
      sendResponse([{
        body: text,
        status: response.status,
        statusText: response.statusText,
      }, null]);
    });
  }, function(error) {
    sendResponse([null, error]);
  });
  return true;
});

This is the smallest set of changes I was able to make to my app that fixes the issue. (Note, extensions and background pages can only pass JSON-serializable objects between them, so we cannot simply pass the Fetch API Response object from the background page to the extension.)

Background pages are not affected by CORS or CORB, so the browser no longer blocks the responses from the API.

More Related Contents:

  1. How to stop CORB from blocking requests to data resources that respond with CORS headers?
  2. How to make a cross-origin request in a content script (currently blocked by CORB despite the correct CORS headers)?
  3. Ajax call bug with Chrome new version 73.0.3683.75?
  4. CORS issue doesn’t occur when using POSTMAN
  5. How can I get the URL of the current tab from a Google Chrome extension?
  6. How can I open my extension’s pop-up with JavaScript?
  7. Since v38, Chrome extension cannot load from HTTP URLs anymore, workaround?
  8. Where does Chrome store extensions?
  9. Chrome CORS error on request to localhost dev server from remote site
  10. Content script matching top-level domains like all google.*
  11. Chrome cancels CORS XHR upon HTTP 302 redirect
  12. Insert an image in chrome extension
  13. How to disable (gray out) page action for Chrome extension?
  14. Inject HTML into a page from a content script
  15. chrome.identity User Authentication in a Chrome Extension
  16. Can I modify outgoing request headers with a Chrome Extension?
  17. Is it possible to inject a javascript code that OVERRIDES the one existing in a DOM? (e.g default alert function)
  18. How to access the webpage DOM/HTML from an extension popup or background script?
  19. CORS error on request to localhost dev server from remote site
  20. Chrome not showing OPTIONS requests in Network tab
  21. How do I import scripts into a service worker using Chrome extension manifest version 3?
  22. Add contextmenu items to a Chrome extension’s browser action button
  23. Google Chrome Extensions – Open New Tab when clicking a toolbar icon
  24. Does –disable-web-security work in Chrome?
  25. Chrome version 18+: How to allow inline scripting with a Content Security Policy?
  26. What does “http://*/*”, “https://*/*” and “” mean in the context of Chrome extension’s permissions
  27. How can I detect the current tab’s mime type in a Google Chrome extension?
  28. Passing message from background.js to popup.js
  29. Chrome v37/38 CORS failing (again) with 401 for OPTIONS pre-flight requests
  30. Accessing `window`/DOM/HTML of the webpage from the extension

Leave a Comment