Chrome v90 has a stricter CORS policy than older Chrome version. Previously robot could make API calls (GET, POST) to any resources, in Chrome v90 robot can make API calls with the same permission as website itself. In some cases robot code must be patched to make robot work with Chrome v90. We are providing some useful tips how to do this.

CORS issues can be avoided all together when browser URL’s domain matches API call’s domain. Example: browser is sitting on https://webrobots.io and robot’s step is executing¬†$.get('https://webrobots.io/example.json')¬†.

When a page is making an API call to some outside of domain resource, your robot should be able to do it as well because robot has the same CORS policy as website’s own scripts. Here are some examples how to tweak fetch() requests to get your requests to go through:

Remove the following headers from your fetch() requests:
"cache-control": "no-cache",
"pragma": "no-cache",

Change fetch mode headers from “cors” to “no-cors”
"mode": "no-cors",
"sec-fetch-mode": "no-cors",