/oauth2/token returns a 403 if the request contains a 'Cookie' HTTP header


Not sure if it’s on purpose. I came to this case when trying to access the Twitter API from a Chrome extension.
Chrome sent a cookie for api.twitter.com, even from the extension. I have no idea how to send a request from an extension without this header. I’ve only been able to find that it’s not possible.
Anyway, could the REST API just ignore the Cookie header?