WebExtension.net
WebExtension.net

CORS Unblock

View on Chrome Web Store
View CORS Unblock Chrome Extension on Chrome Web Store
4.2 (158 ratings)

Data is synced from the Chrome Web Store. View the official store page for the most current information.

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled
Type
Extension
Users
200,000 users
balvin.perrie
View author page of balvin.perrie
Published
Published on January 25, 2019
Version 0.3.8
Manifest version
2
Updated
Updated on February 11, 2024
View on Chrome Web Store
View CORS Unblock Chrome Extension on Chrome Web Store
productivity/developer
Extension Category
CORS Unblock Chrome Extension Image 2
CORS Unblock Chrome Extension Image 3

Description

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK Access-Control-Allow-Methods: request initiator or empty Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: request initiator or *

Additional Features:

  1. It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".

  2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

  3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.

  4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.

  5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.

  6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).

  7. The extension also optionally fixes CORS policies of redirected URLs.

-- It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).

Links:

  1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.

  2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.

WebExtension.net

Track and analyze Chrome Web Store extensions with comprehensive analytics and insights.

Contact

© 2024 WebExtension.net. All rights reserved.
Disclaimer: WebExtension.net is not affiliated with Google or the Chrome Web Store. All product names, logos, and brands are property of their respective owners. All extension data is collected from publicly available sources.
Go to top