Steps to reproduce
When a web server returns the “Access-Control-Allow-Origin” header with a “*” value,
Google Chrome allows a cross-origin request from an extension’s background script without a permission in manifest.json.
But Microsoft Edge does not allow the request without a permission.
I think it seems to be undocumented behaviour on Google Chrome. It may not be Edge’s issue :-)
Comments and activity
- Microsoft Edge Team
Changed Status to “By design”
Thank you for providing this information about the issue. Edge is behaving properly; when the URL is not mentioned as part of the permissions in the manifest.json file, the extension’s background script is barred from making the cross-origin requests even though the server returns the “Access-Control-Allow-Origin” header with a “*” value. Developers are expected to add the URLs under the permissions in manifest.json for the cross-origin requests. Currently, we do not plan to change this feature. Please update this case if you want to provide new information for us to consider.
The MS Edge Team
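
The following is an added example, not part of the original report or either browser's code: a small audit that lists which URLs requested by a background script are not covered by a host permission in manifest.json, so an extension does not depend on a permissive CORS header. The function names, the manifest and the URLs are constructed for illustration, and the matcher assumes the standard `<scheme>://<host><path>` match-pattern syntax.

```javascript
// Added example: checks whether request URLs are covered by the host
// permissions declared in an extension's manifest.json.
// Function names, manifest and URLs are constructed sample data.

const SCHEMES = ["http", "https", "file", "ftp"];

// Turn a path glob containing "*" into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Match one pattern of the form <scheme>://<host><path> against a URL.
function matchesPattern(pattern, urlString) {
  const url = new URL(urlString);
  const scheme = url.protocol.slice(0, -1);
  if (pattern === "<all_urls>") return SCHEMES.includes(scheme);
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)(\/.*)$/.exec(pattern);
  if (!m) return false; // API permission such as "storage", not a host pattern
  const [, pScheme, pHost, pPath] = m;
  const schemeOk = pScheme === "*" ? ["http", "https"].includes(scheme) : pScheme === scheme;
  const host = url.hostname; // ports are not part of the comparison
  const hostOk = pHost === "*" || pHost === host ||
    (pHost.startsWith("*.") && (host === pHost.slice(2) || host.endsWith(pHost.slice(1))));
  return schemeOk && hostOk && globToRegExp(pPath).test(url.pathname + url.search);
}

// Return the requested URLs that no declared host permission covers.
function uncoveredRequests(manifest, urls) {
  const perms = manifest.permissions || [];
  return urls.filter((u) => !perms.some((p) => matchesPattern(p, u)));
}

const manifest = { // constructed sample manifest
  name: "sample-extension",
  permissions: ["storage", "https://api.example.com/*", "*://*.example.org/v1/*"],
};
const backgroundRequests = [ // constructed sample request URLs
  "https://api.example.com/items?id=1",
  "http://cdn.example.org/v1/data.json",
  "https://other.example.net/feed",
];
console.log(uncoveredRequests(manifest, backgroundRequests));
```

Any URL the audit reports needs a matching entry under `permissions` before the background script can request it in Edge.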