There is an extension, there is a usual AJAX-запрос (on pure JS ) to the server.

Question: Why is the request being sent? It is sent, despite the fact that I do not have the Access-Control-Allow-Origin header on my server.

And if you run this file locally, it gives an error:

XMLHttpRequest cannot load {url}. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

    1 answer 1

    The extension API has been specifically designed for this feature. XHR requests from extensions are not restricted by the same origin policy .

    Learn more about this in the English documentation for Chrome Extensions: Cross-Origin XMLHttpRequest

    It is enough just to specify permissions in manifest.json.