noticed strange thing about content_scripts "matches" param. From documentation:
Content scripts are files that run in the context of web pages
So I expect it's gonna work only with content, not popup. And about "matches" param:
matches - Required. Specifies which pages this content script will be injected into. See Match Patterns for more details on the syntax of these strings and Match patterns and globs for information on how to exclude URLs.
But looks like it affects popup too. For example, if I am trying to make request from popup to my server, cors policy error appear. But if I put my server in "matches" param, it works fine:
"content_scripts": [{
"matches": [
"https://example.com/path"
],
Problem also can be solved by adding host_permission param:
"host_permissions": ["https://example.com/path"]
Why content_scripts affects popup of extension?