Extension resources blocked by cross origin policy

Fixed, flighted Issue #8744785


Sep 2, 2016
This issue is public.
Found in
  • Microsoft Edge
Found in build #
Fixed in build #
Reported by 5 people

Sign in to watch or report this issue.

Steps to reproduce

In the process of modifying our Chrome extension to run within Edge as well.

Our extension contains some fonts and images that are used by content scripts and loaded into browsed webpages. Unfortunately, references to these resources at their extension URLs (ms-browser-extension://…) are blocked from being loaded by the cross origin policy.

Resources loaded from within an extension should be exempt from cross origin loading policies (this is the case with other web browsers).


Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Akshay P.”

    Changed Assigned To to “Sebastian P.”

    Changed Assigned To to “Sermet I.”

    Changed Assigned To from “Sermet I.” to “Scott L.”

    Changed Status to “Confirmed”

    Changed Status from “Confirmed” to “By design”

  • Changed Status from “By design”

  • If this is by design, what is the recommended way of accessing resources stored inside the browser extension?

  • Microsoft Edge Team

    Changed Status to “Confirmed”

    Changed Assigned To to “Scott L.”

  •  Sorry, I didn’t notice the .zip you attached here and thought that this was an issue with web_accessible_resources not being specified properly. My resolution comment didn’t seem to get posted as public though. I took another look at the attachments and have created a simple extension that reproduces the behavior you’re seeing (@font-face being blocked by CORS in content scripts regardless of WAR setting). I’ll continue to investigate.

  • I’ve assigned this over to our networking team so they can investigate a fix. Note that I only ran into issues when I tried to access fonts within the extension from pages/content scripts via @font-face. Images were accessible (via both relative and absolute paths) from the page as long as they were specified in web_accessible_resources. Fonts were also accessible from extension pages (such as popups) and iframes pointed to ms-browser-extension:// pages as long as they were specified in web_accessible_resources and as long as the full path to the font (i.e. ms-browser-extension://pathToFont/font.woff was specified in the @font-face url).

  • Microsoft Edge Team

    Changed Assigned To to “Venkat K.”

  • Thanks Scott! Appreciate you looking into this :)

  • Microsoft Edge Team

    Changed Assigned To from “Venkat K.” to “Rajat J.”

    Changed Assigned To from “Rajat J.” to “Nicolas A.”

  • Is this breaks already fix in insider build version?

    I am same problem.
    web fonts is not able to read via content-script yet.

  • Microsoft Edge Team

    Changed Status from “Confirmed” to “Fixed, not yet flighted”

  • Thank you for filing this bug! We have fixed the issue and it will be available in an upcoming Windows Insider build.

  • Microsoft Edge Team

    Changed Status from “Fixed, not yet flighted” to “Fixed, flighted”

    Changed Status from “Fixed, flighted” to “Fixed, not yet flighted”

    Changed Status from “Fixed, not yet flighted” to “Fixed, flighted”

  • I tested the newst MS Edge with attached extensions.

    MS Edge still has this problem.
    WebFont resources cannot be loaded from content script.

    error message printed to console log.

You need to sign in to your Microsoft account to add a comment.

Sign in