Opening https://localhost:8080/config.html directly in a tab works fine.
What’s actually happening
Your CORS and HTTPS can be totally correct and Chrome will still block it.
Recent Chrome versions added a Local Network Access check. A public HTTPS site (like https://dashboard.twitch.tv) isn’t allowed to embed / talk to localhost or your LAN unless the browser grants special local network access permissions.
Twitch’s dashboard iframe doesn’t request that permission, so Chrome refuses the request and mislabels it as a “CORS error” with LocalNetworkAccessPermissionDenied. Your backend never even gets a chance to respond.
Totally new extension dev here and I am having a lot of issues related to chromium localhost permission stuff. Specifically, Cross-Origin Request errors (using the same localhost, just my API endpoint is on a port) and the dreaded “unsafe attempt to load URL - domains protocols and ports must match” error.
Do you have/know of any resources that could help me test using a (as you described) “a real SSL domain” so I can get out of this web permissions hellscape? LOL
I ultimately plan to use something like ngrok or cloudflare tunnel with a host domain name to serve content only for my twitch page (for starters). Can you use such URLs/tunneling services for the “local hosting” phase?
Thanks in advance! I’m excited to see what I can create with these awesome tools!
This is the answer to your question for development.
I use a real domain on my extension EBS with a reverse SSH tunnel so I don’t rely on other tools I use my own. (given the tools like ngrok do pretty much exactly that but you have to use thier service(s) I just use my own server where the production EBS is with additional sub domains for test front end and test backend)
