Open DDDDD12138 opened 1 week ago
Thanks for calling this out. I suspect that this line was true when it was added and we didn't catch it when content scripts became subject to the injection context's CORS restrictions.
Do we need to update the documentation now? I think we can remove that sentence, as this is no different from ordinary scripts anymore.
Can I contribute to it?
MDN URL
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension#content_scripts_2
What specific section or headline is this issue about?
No response
What information was incorrect, unhelpful, or incomplete?
In browser extensions, the statement that content scripts can make cross-domain XHR requests may be incorrect.
What did you expect to see?
The documentation might benefit from a clarification that content scripts are usually subject to the same-origin policy and cannot make cross-domain XHR requests without proper CORS configuration or by using background scripts.
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response
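The background-script route mentioned in this issue, sketched as an added example (not part of the original issue and not MDN's or the browser's own code): the content script asks the background script to perform the request, and the background script checks the target before fetching. The `fetch-json` message type, the function names and the `https://api.example.com` origin are assumptions made for illustration.

```javascript
// background.js: added example; message shape and names are hypothetical.
// Constructed allowlist. Each origin must also be covered by the extension's
// host permissions in manifest.json, or the background fetch is CORS-bound too.
const ALLOWED_ORIGINS = new Set(["https://api.example.com"]);

// Validate a content-script request before fetching on its behalf. Content
// scripts run alongside untrusted page content, so treat messages as untrusted.
function validateRequest(message) {
  if (!message || message.type !== "fetch-json" || typeof message.url !== "string") {
    return { ok: false, error: "malformed request" };
  }
  let url;
  try {
    url = new URL(message.url);
  } catch (e) {
    return { ok: false, error: "invalid URL" };
  }
  // Compare the parsed origin, never a string prefix of the raw URL.
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { ok: false, error: "origin not allowed" };
  }
  return { ok: true, url: url.href };
}

// Fetch from the background context; fetchImpl is injectable for testing.
async function handleMessage(message, fetchImpl = fetch) {
  const check = validateRequest(message);
  if (!check.ok) return check;
  try {
    const response = await fetchImpl(check.url, { credentials: "omit" });
    if (!response.ok) return { ok: false, error: "HTTP " + response.status };
    return { ok: true, data: await response.json() };
  } catch (e) {
    return { ok: false, error: "network error" };
  }
}

// Register the listener only inside an extension; returning a Promise from
// the listener sends its resolved value back as the reply.
if (typeof browser !== "undefined" && browser.runtime && browser.runtime.onMessage) {
  browser.runtime.onMessage.addListener((message) => handleMessage(message));
}

// content-script.js would call:
//   const reply = await browser.runtime.sendMessage(
//     { type: "fetch-json", url: "https://api.example.com/v1/items" });
```

Without the origin check, any page able to influence the content script's message could use the background script as a cross-origin proxy.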