When developing a Chrome extension, you might need to get an XMLHttpRequest that's part of a content script to send cookies for a domain when making a request to that domain, if the origin is not that domain. Not much has been written about how to do this.

Dana Woodman, a Chrome extension developer discusses how to do this, but she makes a mistake, claiming that you need to designate the "cookies" permission in your manifest.json. This is not accurate. You can designate the "cookies" permission in manifest.json, but you only need to do that if you want to access cookie data separately from an XmlHttpRequest. Additionally, she makes a mistake that 99% of Chrome extension developers make, assuming that you have to put your domain in the "permissions" field in order to make cross-origin web requests to it.