Background script can't cross-origin request without permission when server returns "Access-Control-Allow-Origin: *"

By design Issue #11075897

Details

Author
Tomohito Y.
Created
Feb 25, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
15.15042
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

When web server returns “Access-Control-Allow-Origin” header with “*” value,
Google Chrome allows Cross-origin request from extension’s background script without permission in manifest.json.

But Microsoft Edge does not allow request without permission.

I think it seems to be undocumented behaviour on Google Chrome. It maybe not Edge’s issue :-)
https://developer.chrome.com/extensions/xhr

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Status to “By design”

    You need to sign in to your Microsoft account to add a comment.

    Sign in