"CORB blocked cross-origin response" error when using ably-js from a contentScript scope in a Chrome extension in Chrome 73+

Background: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches

 

Chomer 73 made some changes to the way cross-origin requests made from content scripts work. The stated intention was to make content scripts subject to the same request rules as the page they are running within. However, the implementation in Chrome 73 has the effect of enforcing stricter rules on requests made from the content script than the page, since requests from the content script do not trigger a CORS preflight request for cross-origin requests made from a content script (when the same request made from the page itself would trigger a preflight). This leads to the main request being blocked by CORB, where a similar request from the page would not be.

 

One solution is to run the Ably library in the background script rather than the content script.

 

If you want to run the library in the content script rather than the background, a workaround, as described in the Chromium docs above, is to ask the background page whenever you need to make a REST request. For example, for token authentication, instead of using the authUrl option, you can instead supply an authCallback which, when called, asks the background page to request a token from your auth server. (In which case make sure that your auth server is calling requestToken rather than createTokenRequest, else the library try to make a REST request to turn the token request into a token). You probably also want to specify the transports: ['web_socket'] client option, as by default the library will start with an xhr transport and then upgrade to a websocket.