CORS Helper

Developer tool to bypass CORS restrictions during local testing. Features profiles, allowlist, and auto-off timer for safety.

CORS Helper - Developer Tool for Local Testing ⚠️ FOR DEVELOPERS ONLY - This tool bypasses browser security. Use only during development! 🎯 WHAT IT DOES Bypass CORS (Cross-Origin Resource Sharing) restrictions when testing local applications. Perfect for frontend developers working with APIs on different ports or domains. ✨ KEY FEATURES Smart Profile System • Create multiple profiles for different projects • Domain allowlist per profile • Quick switch between configurations • Import/export profiles as JSON Privacy-First Design • Debug logging OFF by default • No tracking or analytics • No external servers • All data stored locally • You control what gets logged Auto-Off Timer • 10 minutes, 30 minutes, 2 hours, or infinite • Countdown badge shows remaining time • Global mode defaults to 10-min timer for safety • Never leave CORS accidentally disabled Domain Management • Allowlist mode: Only specified domains (recommended) • Global mode: All domains (use with caution) • Right-click context menu: "Allow this domain" • "Allow Active Tab" button for instant access • Preset buttons for common localhost ports Debug Logging (Optional) • Track which requests are modified • View HTTP status codes and methods • Preflight failure detection with helpful hints • Logs capped at 60 entries, stored locally only Built-In Test Console • Test API endpoints directly from options page • Supports GET, POST, PUT, PATCH, DELETE • Add custom headers to trigger preflight • View all CORS headers in response • JSON formatting and error troubleshooting 🎨 USER EXPERIENCE • Dynamic icons for different modes (off/allowlist/global) • Keyboard shortcuts for quick actions • Dark mode support • Clean, modern interface • Onboarding wizard for first-time users • Real-time countdown badge 🔒 SECURITY & PRIVACY ✓ Manifest V3 compliant ✓ No external API calls ✓ No tracking or analytics ✓ Open source code ✓ Data never leaves your browser ✓ Debug logging OFF by default ✓ Clear privacy policy 📋 COMMON USE CASES 1. Test React/Vue/Angular apps with backend APIs on different ports 2. Connect microservices running locally on different ports 3. Test third-party APIs without CORS restrictions 4. Develop Chrome extensions with cross-origin requests 5. Connect local dev server to mobile test devices ⚙️ HOW IT WORKS Uses Chrome's declarativeNetRequest API to modify response headers: • Access-Control-Allow-Origin: * • Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS • Access-Control-Allow-Headers: * • Access-Control-Expose-Headers: * • Access-Control-Allow-Credentials: true 🛡️ SAFETY FEATURES • Auto-off timer prevents leaving CORS disabled • Visual indicators show current state • Confirmation dialogs prevent accidents • Allowlist mode more secure than global • Per-profile isolation 💡 BEST PRACTICES • Use Allowlist mode for better security • Enable Auto-off timer when using Global mode • Turn on Debug logging only when troubleshooting • Create separate profiles for different projects • Disable when not actively testing ⚠️ IMPORTANT DISCLAIMER FOR DEVELOPMENT USE ONLY. Disabling CORS removes an important browser security feature. Only use during local development on domains you control. Always disable when browsing normally. 🏆 WHY CORS HELPER? ✓ Privacy-focused (no tracking) ✓ Modern Manifest V3 ✓ Advanced features (profiles, timer, logging) ✓ Active development ✓ Clean, intuitive UI ✓ Comprehensive documentation Happy coding! 🎉