UPDATE FOR MANIFEST V3
I figured out a way to do this. But be extremely careful with your url filtering and other safeguards.
As of Manifest v3 you can set rules for modifying incoming and outgoing calls. Include the name of the site you are requesting in a new section of the manifest called "host_permissions". You can see how to implement rules in the manifest here:
https://developer.chrome.com/docs/extensions/reference/declarativeNetRequest/#manifest
There is a rule action called "allowAllRequests" using this rule allows you to make cross-origin-requests, bypassing preflight checks. You can read more about the rules here:
https://developer.chrome.com/docs/extensions/reference/declarativeNetRequest/#type-RuleActionType
To use this rule you will need to include the "resourceTypes" key in "condition" and a value of "main_frame" or "sub_frame"
Also make sure to completely uninstall your extension and reinstall it for these changes to take effect.
Example manifest from google:
{
"name": "My extension",
...
"declarative_net_request" : {
"rule_resources" : [{
"id": "ruleset_1",
"enabled": true,
"path": "rules_1.json"
}, {
"id": "ruleset_2",
"enabled": false,
"path": "rules_2.json"
}]
},
"permissions": [
"declarativeNetRequest",
"declarativeNetRequestFeedback",
"*://example.com/*"
],
"host_permissions": [
"http://www.blogger.com/",
"*://*/*"
],
...
}
Example Rule.json:
[
{
"id": 1,
"priority": 1,
"action": { "type": "allowAllRequests" },
"condition": {
"urlFilter": "again make sure you are very specific with this.",
"resourceTypes": ["main_frame"]
}
}
]
<script>s. CORS is a way for the server to allows things that would otherwsie be blocked (i.e., cross-domain Ajax). - apsillers