extension ExtPose


Description from extension meta

Allows forcing Cross-Origin Resource Sharing headers on any desired URL; helpful when accessing remote services from a local host.

Image from store ForceCORS
Description from store ForceCORS is a Google Chrome extension which allows you to selectively apply CORS Headers to any web server responses you choose. This is extremely helpful when developing a web application that makes Ajax/XHR requests. The extension requires you to specify the domains that you wish to monitor and allows you to explicitly define the headers to be added. This is preferable to completely disabling XHR security in your browser, which is a big security hole. ***Regarding Permissions*** In order to allow you to append headers to ANY arbitrary location, this extension requires access to intercept ANY web request. However, by default the extension does NOT monitor any web traffic. Only URLs you specifically whitelist will be read by the extension, and only headers that YOU specify will be appended. Note: Headers added by this extension will not appear in the DevTools "Network" panel due to a known Chrome bug: https://code.google.com/p/chromium/issues/detail?id=258064 This extension is open source under the MIT License and can be found on GitHub: https://github.com/chrisdeely/ForceCORS

Latest reviews

  • (2018-06-28) Николай Калинин: Very useful extension, thanks! Own settings for specific url patterns are great, and all works fine.
  • (2016-10-25) Frédéric Bonnet: This extension made my developer's life MUCH easier. The competing extensions worked OK on some points but failed at customizability (e.g. setting Access-Control-Allow-Origin to a non-default value).
  • (2016-09-23) Joshua Foxworth: Doesn't work. No instructions. No explanation. Entering items does nothing. Links to docs are broken. Don't know what to say. Tried it three times now.
  • (2016-06-04) Best solution for CORS problem when developing ionic apps
  • (2016-01-06) Peter Ajtai: Works nicely. Very useful that you can set the Access-Control-Allow-Origin header to something other than * - so it can be used in conjunction with withCredentials true!
  • (2015-07-09) Alex Haynes: The other reviews are correct. This extension is no longer functional.
  • (2015-02-16) Ashesh Ambasta: Doesn't work and its a waste of time since there are no notes about the fact that it just doesn't work with the latest Chrome.
  • (2014-07-10) This extension is a bit to complicated for me.
  • (2014-02-26) Anthony Cameron: Doesn't work in latest Chrome
  • (2014-02-08) Laurens Rietveld: Great! Instead forcing CORS for all URLs, this tool allows for better configurability, and only enable CORS for -some- URLs
  • (2014-02-08) I sometimes have to make cross-domain requests to test stuff in my dev/staging environments and this works a treat. Great work.

Latest issues

  • (2016-09-15, v:1.1) Joshua Foxworth: Tried it. Doesn't work
    The installation refers to a settings button that I don't have and downloading via git - which should be necessary if we are using this chrome store. I did try it numerous ways and although a number appeared representing an intercept - no changes were actually made.


2,355 history
3.8 (16 votes)
Last update / version
2014-03-21 / 1.1
Listing languages