CORS Issue after latest Chrome 85 Update

Question

I am a very new user here so, apologies in advance if I break any rule. Here is the problem I am facing and need suggestions please.

I have a Chrome extension which w

Answer 1

Isn't that the effect of this spec change?

Changes to Cross-Origin Requests in Chrome Extension Content Scripts https://www.chromium.org/Home/chromium-security/extension-content-script-fetches

Answer 2

as stated in https://developers.google.com/web/updates/2020/07/chrome-85-deps-rems

chrome will Reject insecure SameSite=None cookies

Use of cookies with SameSite set to None without the Secure attribute is no longer supported. Any cookie that requests SameSite=None but is not marked Secure will be rejected. This feature started rolling out to users of Stable Chrome on July 14, 2020. See SameSite Updates for a full timeline and details. Cookies delivered over plaintext channels may be cataloged or modified by network attackers. Requiring secure transport for cookies intended for cross-site usage reduces this risk.

Answer 3

I had the same problem. My solution was (as described in the link above) to move the Http-Requests into the background content script.You need to send a message to the background script and perform the request from there.

On receiving the response you need to send a message to the content script where you can handle the response data.

ContentPage                  BackgorundPage
          -- RequestData -->
                              Initialize the request and return to the content script
.... some time later....
                              Callback of HttpRequest is finished
         <-- handleResponse--  (In callback handler)

Content Script:

var msg = new Object();
msg.message = "loadOrders";
chrome.runtime.sendMessage(msg);

Background-Script:

chrome.runtime.onMessage.addListener(
function (msg, sender, sendResponse) {
    if( msgName=="loadOrders") {
        doXHRRequest( function(responseData) {
           sendMessageToActiveTab(responseData);
        });
}

function sendMessageToActiveTab(responseData) {
    var msg = new Object();
    msg.message = "receiveOrders";
    msg.orderList = JSON.parse(Http.responseText);
    chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
        chrome.tabs.sendMessage(tabs[0].id, msg);
    });
}

And last in the content script:

chrome.runtime.onMessage.addListener(function(message, callback) {
  if( message.message == "receiveOrders") {
     receiveOrderList(message.orderList);
  }
  return;
});