Djanog CSRF fails on POST request for chrome extension only

I’m requesting for a key using POST method as following,

var session_id; // to use for token based authentication

// prep
$(document).ready(function(){
  // sending a csrftoken with every ajax request
  function csrfSafeMethod(method) {
      // these HTTP methods do not require CSRF protection
      return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
  }
  if (!chrome.cookies) {
    chrome.cookies = chrome.experimental.cookies;
  }
  const csrf_from_cookies = {'url': 'https://dummy-site-xyz.com/', 'name': 'csrftoken'};
  chrome.cookies.get(csrf_from_cookies, function(res){
    csrftoken  = res.value;
    $.ajaxSetup({
      beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.url)) {
            xhr.setRequestHeader("X-CSRFToken", csrftoken);
        }
      }
    });
  });

  const sessionid = {'url': 'https://dummy-site-xyz.com/', 'name': 'sessionid'};
  chrome.cookies.get(sessionid, function(res) {
    session_id = res.value;
  });
});

// the request
$.ajax({
      type: "POST",
      crossDomain: true,
      url: 'https://dummy-site-xyz.com/profile/api/v1/awesome/key',
      data: {'sessionid': 'dummy_session_id'},
      success: function(data){
        // pass
      },
      error: function( jqXHR, textStatus, errorThrown ){
          console.log(jqXHR.responseJSON);
      }
    });

but it’s been failing with, detail: "CSRF Failed: Referer checking failed - no Referer."

This works fine if request is sent,

  1. to localhost
  2. to devserver from local html file
  3. to devserver from terminal

But fails from the chrome extension.

my manifest.json

"permissions": [
    .
    .
    .
    "https://dummy-site-xyz.com/*",
    .
    .
  ],