First, you can't depend on the Chrome Extension for the CORS issue .
That's only for the developers, not for the users. How can you ensure that the user alreadty installed this extension to avoid the CORS in their browser level? They may use some other browsers, then they can't download the module from the browser level.
So best way is, avoid the chrome extension and implement this function in the server level.
For the module upload, you should create a FormData including that Zip as file type. Please find the
uploadModule method from here,