If it is a S.O.P. issue, no amount of client code will fix it. Maybe the manifest can be made to instruct the app to ignore such security features, but I doubt it
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.