PKCE flow in chrome ext

If I use this example on a localhost static page, the PKCE flow works perfectly:

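// Parse the page's query string into a plain object of decoded values.
// A key without "=" maps to ""; when a key repeats, the last value wins.
// Everything in here comes straight from the URL, so treat each entry as
// untrusted input wherever it is used later.
var qs = (function(pairs) {
  var params = {};
  for (var i = 0; i < pairs.length; ++i)
  {
    var pair = pairs[i];
    // An empty segment (no query string, "&&", trailing "&") carries no parameter.
    if (pair === "") continue;
    // Split on the first "=" only: split('=', 2) drops everything after a
    // second "=", which silently truncates a value that contains one.
    var eq = pair.indexOf('=');
    if (eq === -1)
      params[pair] = "";
    else
      // "+" means space in form-encoded query strings; decodeURIComponent
      // throws URIError if the value holds malformed percent-encoding.
      params[pair.slice(0, eq)] = decodeURIComponent(pair.slice(eq + 1).replace(/\+/g, " "));
  }
  return params;
})(window.location.search.slice(1).split('&'));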

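  // No authorization code in the URL yet: start the flow by redirecting to the
  // authorization endpoint. Otherwise redeem the returned code, together with
  // the PKCE code_verifier, at the token endpoint.
  if(qs['code'] == null)
  {
    // NOTE(review): the parameters are concatenated as-is, so this assumes
    // client_id, redirect_uri, state, scope, nonce and code_challenge are
    // already percent-encoded where they are defined (not visible here) — confirm.
    document.location.href = authorize_url + "?response_type=code&client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&state=" + state + "&scope=" + scope + "&nonce=" + nonce + "&code_challenge=" + code_challenge + "&code_challenge_method=S256";
  }else{
    // NOTE(review): the state value that comes back with the code is never
    // compared with the one sent in the authorization request. Confirm how
    // state is kept across the redirect and reject the response on a mismatch
    // before redeeming the code.
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr) {
      xhr.onerror = function() {
        console.log('Invalid URL or Cross-Origin Request Blocked.  You must explicitly add this site (' + window.location.origin + ') to the list of allowed websites in the administrator UI');
      }
      xhr.onload = function() {
        // onload also fires for HTTP error statuses the browser lets the page
        // read, so report the status instead of only printing a possibly empty body.
        if (this.status < 200 || this.status >= 300) {
          console.log('Token request failed with HTTP status ' + this.status);
        }
        // On success the body holds the issued tokens; printing it is for
        // demonstration only and should not ship in a real client.
        console.log(this.responseText);
      };
      xhr.open('POST', token_url, true);
      xhr.setRequestHeader("Accept", 'application/json');
      xhr.setRequestHeader("Content-Type", 'application/x-www-form-urlencoded');
      // qs['code'] was percent-decoded when the query string was parsed and is
      // attacker-influenceable (it comes from the URL). Re-encode it so "&",
      // "=" or "+" inside it cannot corrupt the form body or add parameters.
      xhr.send('grant_type=authorization_code&client_id=' + client_id + '&redirect_uri=' + redirect_uri + '&code=' + encodeURIComponent(qs['code']) + '&code_verifier=' + code_verifier);
    } else {
      console.log("CORS is not supported for this browser!")
    }
  }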

But if I use this code in a background or content script in a Chrome extension, I get a 403 response from the token URL with no data… When I send the same request with curl, I get a 200 and a token. Please advise.

I forgot to add my web site to trusted origins. And now it works.
