pull down to refresh
Ah, you are right, it mentions that host permissions allow cross-site requests here:
Host permissions are specified as match patterns, and each pattern identifies a group of URLs for which the extension is requesting extra privileges. For example, a host permission could be"*://developer.mozilla.org/*".The extra privileges include:
- XMLHttpRequest and fetch access to those origins without cross-origin restrictions (though not for requests from content scripts, as was the case in Manifest V2).
I did not know that (I don't know anything about extensions), that is cool and scary haha
reply
(though not for requests from content scripts, as was the case in Manifest V2)
Yeah this is why I need to open the port to the background and do fetches from there. It's still crazy powerful. My claim to fame was a SEO extension that was calling random websites and toolbars unpublished json API's with 100k active users. It would basically overload their api with traffic overnight without any toolbar installs because I was mimicking how their extensions make their API calls. It also injected itself on every page so it was running on bank pages and stuff. I didnt keep it updated and it was removed when they went to manifest v3
reply
Access cookies with the chrome.cookies API.