Unable to obtain refresh token as suggested in Authentication.md

[nikicat]

Hello, script from a step 22 from https://github.com/GabrielDuarteM/semantic-release-chrome/blob/master/Authentication.md fails with an error:

16:46:24.481 Content Security Policy: The page’s settings blocked the loading of a resource at https://accounts.google.com/o/oauth2/token (“default-src”). debugger eval code:9:25
16:46:24.482
Promise { <state>: "rejected", <reason>: TypeError }

16:46:24.483
Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.
    <anonymous> debugger eval code:9
    <anonymous> debugger eval code:39
[debugger eval code:9:26](chrome://devtools/content/webconsole/debugger%20eval%20code)
    <anonymous> debugger eval code:36
    AsyncFunctionThrow self-hosted:811
    (Async: async)
    <anonymous> debugger eval code:39
    getEvalResult resource://devtools/server/actors/webconsole/eval-with-debugger.js:242
    evalWithDebugger resource://devtools/server/actors/webconsole/eval-with-debugger.js:166
    evaluateJS resource://devtools/server/actors/webconsole.js:1131
    evaluateJSAsync resource://devtools/server/actors/webconsole.js:1022
    makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:103

[Semro]

Encountered same issue with Firefox: https://stackoverflow.com/questions/56486825/how-to-fix-content-security-policy-the-page-s-settings-blocked-the-loading-of (I switched to Chrome and everything worked)

[GabeDuarteM]

Hey @nikicat @Semro 👋

This looks like it's happening because of CORS, are you running that on the localhost page that opened on step 18, or are you doing that on a different page?

It should work if you do this on localhost (should also work on a new tab).