Problem
As per MDN's XMLHttpRequest docs, XHR isn't available in service workers. As the migration from MV2 to MV3 replaces background scripts with service workers, this may block full migration.
Possible solutions
Listeners
Perhaps the most plausible solution is to have the service worker listen for fetch events and filter them for stylesheets, rather than repeating the requests. This could make the content script obsolete and remove much of its functionality.
XHR
Service workers cannot perform XHR.
Since Chrome 85, content scripts are subject to CORS and CORB. The same-origin policy now also applies.
In theory, we might be able to query iframes to find the domain and inject a content script there to make use of its origin, but we can't guarantee that every origin will have a corresponding iframe. It may be possible to create a cross-origin iframe. Care should be taken to appropriately restrict the iframe, for security purposes.
Workers
Content scripts may be able to create workers. This caused a SecurityError when testing with an appropriate chrome-extension URL. Even if the worker script was hosted online, which would complicate or outright prevent extension approval to the Chrome web store, this seems to imply Workers are subject to the same-origin policy.
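A sketch of the listener approach described above, as an added example that is not part of the original issue or the project's code. It assumes the listener is chrome.webRequest.onCompleted in an MV3 service worker with the "webRequest" permission and matching host permissions; the function names and sample events are hypothetical.

```javascript
// Added example: observe stylesheet requests from the MV3 service worker
// instead of re-requesting them with XHR. Names here are hypothetical.

// tabId -> Set of stylesheet URLs seen for that tab. In-memory only: an MV3
// service worker can be terminated when idle, so this state is not durable.
const stylesheetsByTab = new Map();

// Accept only stylesheet requests that belong to a tab and use http(s).
function isObservableStylesheet(details) {
  if (details.type !== "stylesheet") return false;
  if (typeof details.tabId !== "number" || details.tabId < 0) return false;
  let url;
  try {
    url = new URL(details.url);
  } catch {
    return false; // malformed URL: ignore rather than store it
  }
  return url.protocol === "https:" || url.protocol === "http:";
}

// Listener body: returns true when the request was recorded.
function recordStylesheet(details) {
  if (!isObservableStylesheet(details)) return false;
  if (!stylesheetsByTab.has(details.tabId)) {
    stylesheetsByTab.set(details.tabId, new Set());
  }
  stylesheetsByTab.get(details.tabId).add(details.url);
  return true;
}

function stylesheetsFor(tabId) {
  return [...(stylesheetsByTab.get(tabId) ?? [])];
}

// Constructed sample events shaped like webRequest "details" objects.
const CONSTRUCTED_EVENTS = [
  { type: "stylesheet", tabId: 7, url: "https://example.test/site.css" },
  { type: "stylesheet", tabId: 7, url: "https://example.test/site.css" },
  { type: "script", tabId: 7, url: "https://example.test/app.js" },
  { type: "stylesheet", tabId: -1, url: "https://example.test/bg.css" },
  { type: "stylesheet", tabId: 7, url: "data:text/css,body{}" },
];

// Register only when running inside the extension service worker.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onCompleted.addListener(recordStylesheet, {
    urls: ["<all_urls>"],
    types: ["stylesheet"], // browser-side filter; the function re-checks it
  });
  if (chrome.tabs) chrome.tabs.onRemoved.addListener((id) => stylesheetsByTab.delete(id));
}
```

The listener sees request metadata only, not response bodies, so this covers discovering which stylesheets a page loaded rather than reading their contents.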