CORS Unblock
Item media 3 screenshot
Item video thumbnail
Item media 2 screenshot
Item media 3 screenshot
Item video thumbnail
Item video thumbnail
Item media 2 screenshot
Item media 3 screenshot

Overview

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them. The default values for the headers: Access-Control-Allow-Origin: request initiator or empty Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK Access-Control-Allow-Methods: request initiator or empty Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: request initiator or * Additional Features: 1. It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy". 2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does. 3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class. 4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development. 5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately. 6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method). 7. The extension also optionally fixes CORS policies of redirected URLs. -- It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled). Links: 1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock. 2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.

4.2 out of 5145 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

me notyouApr 8, 2024

Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."

1 out of 3 found this helpful
Review's profile picture

Clara BertautMar 23, 2024

Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.

1 person found this review to be helpful
Review's profile picture

Cristian EnacheMar 20, 2024

It has a BIG BUG when "credentials": "includes" exists in fetch request. The extension puts wildcard * in Access-Control-Allow-Methods and this make CORS to block the request.

2 out of 2 found this helpful

Details

  • Version
    0.3.8
  • Updated
    February 11, 2024
  • Offered by
    balvin.perrie
  • Size
    203KiB
  • Languages
    English
  • Developer
    Email
    balvin.perrie@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site

Related

Disable Content-Security-Policy

3.6(82)

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

React Developer Tools

4.0(1.5K)

Adds React debugging tools to the Chrome Developer Tools. Created from revision 1717ab0171 on 5/8/2024.

Local-CORS

1.2(6)

Allows CORS requests from your localhost to any API by setting 'Access-Control-Allow-Origin: *' header

Always Disable Content-Security-Policy

3.7(15)

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Allow CORS: Access-Control-Allow-Origin

3.4(265)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

EASY CORS

4.6(17)

Add cors headers to response header.

CSP Unblock

5.0(1)

No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing.

Cross Domain - CORS

4.1(60)

Cross Domain will help you to deal with cross domain - CORS problem. This is tool helpful when face with cross domain issue.

Moesif Origin/CORS Changer & API logger

3.7(188)

Allow cross-domain requests by override Origin and CORS headers. Log/capture XmlHttpRequest API calls for debugging and analytics.

Angular DevTools

3.9(152)

Angular DevTools extends Chrome DevTools adding Angular specific debugging and profiling capabilities.

tweak: mock and modify HTTP requests

4.7(148)

Mock or modify your HTTP requests to test, develop and demo your web application

CORS Helper

3.7(3)

Lightweight CORS web development tool allows developers to modify Ajax responses Access-Control-Allow-Origin:*.

Disable Content-Security-Policy

3.6(82)

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

React Developer Tools

4.0(1.5K)

Adds React debugging tools to the Chrome Developer Tools. Created from revision 1717ab0171 on 5/8/2024.

Local-CORS

1.2(6)

Allows CORS requests from your localhost to any API by setting 'Access-Control-Allow-Origin: *' header

Always Disable Content-Security-Policy

3.7(15)

Always Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Allow CORS: Access-Control-Allow-Origin

3.4(265)

Easily add (Access-Control-Allow-Origin: *) rule to the response header.

EASY CORS

4.6(17)

Add cors headers to response header.

CSP Unblock

5.0(1)

No more Content-Security-Policy limitations. This extension removes all CSP-related headers during website testing.

Cross Domain - CORS

4.1(60)

Cross Domain will help you to deal with cross domain - CORS problem. This is tool helpful when face with cross domain issue.

Google apps