extension ExtPose

Disable Content-Security-Policy

CRX id

ieelmcmcagommplceebfedjlakkhpden-

Description from extension meta

Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.

Image from store Disable Content-Security-Policy
Description from store Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page. Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.

Latest reviews

  • (2023-11-06) DEV: did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
  • (2023-07-17) Julián Andrés Núñez: Works fine after refresh
  • (2023-07-04) Alex Kubica: Works if you hard refresh 😁
  • (2023-06-09) SpamBox: Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
  • (2023-05-31) Kyle Keating: Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
  • (2023-05-18) Brian Coale: Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
  • (2023-05-06) RJ Deng: 非常有用,可以在 Github上运行翻译脚本了
  • (2023-02-14) Cees Timmerman: I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
  • (2022-12-19) Vaibhav Nigam: It does not work on a website which adds CSP using HTML meta tag.
  • (2022-11-28) Horia Cristescu: There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
  • (2022-10-29) Stefanus Diptya: works like a charm!
  • (2022-09-14) Efecan Yilmaz: Works good
  • (2022-08-20) PossessWithin: Works perfectly. Thank you very much!
  • (2022-08-09) Pontus Frödén: Don't work
  • (2022-05-09) Valdek Ingmar: It has no effect on the CSP headers when enabled and active for given tab.
  • (2021-12-01) Logan: Doesn't work, or no longer works.
  • (2021-08-23) Vladimir Panteleev: I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
  • (2021-07-06) Oskar Mothander: Doesn't work with latest Chrome
  • (2021-06-23) william dutton: Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.
  • (2021-04-14) Qingyu Yan: works very well 非常好用
  • (2021-04-13) Ron Moses: Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.
  • (2021-04-07) Gabriel Karády: Doesn't work on latest Chromium.
  • (2021-04-07) Adam Takvam: Failed to eliminate CSP policy 'worker-src: none' restriction.
  • (2021-02-17) Google用户: 暂时没有问题
  • (2021-01-14) UnitedWeStand.: Very good!
  • (2021-01-12) Stewart Cossey: This doesn't work in Chrome 87. It may have at somepoint in the past, but not now :-(
  • (2021-01-05) Klemen Nagode: I would like that whitelisting would be enabled! (I only want this for single domain) UPDATE: it stopped working for me in late 2020 :(
  • (2020-09-28) Zhiyu Qi: Solves the problem. It won’t automatically activate which is a plus on security.
  • (2020-09-24) Mohammad Madahian: Saved my life, great for development testing.
  • (2020-07-20) Alvin Gamboa: Doesn't work. I tried this on JIRA Tempo TImesheets and didn't work. CSP from app.tempo.io as still blocked.
  • (2020-01-29) Etienne Rocheleau: Don't know if it's just me, but it seems it stopped working recently... It was working perfectly before.
  • (2019-12-05) Yihong Chen: It doesn't work anymore on Chrome 80.0.3983.2. It shows "Provisional headers are shown" for external network call.
  • (2019-09-25) Mike Hill: Thanks for uploading this! Simple. Does what it says. Registers a webRequest.onHeadersReceived listeners to clear the value of the CSP header. Exactly what I needed for development.
  • (2019-09-24) Rio Aditiyono: Working great for my office web.
  • (2019-06-26) Andrew Shawn: 牛逼!
  • (2019-05-31) Insta Follows: Works! You have to click the button to activate it. I wish it had more options, like turn on, on a tab by tab basis, on a domain by domain basis, or just globally. currently only turns on/off globally, for all domains and tabs.
  • (2019-04-08) Max Plore: Working fine in April/2019. Had issues while logging into an account. It says I have to verify captcha, but didn't show me anything to click on, it was a blank field. So I jumped on google, found this extension, was little worried if it's scam and not doing what it's should do but wow! that's why I wrote this review. Super happy. I installed it, gave it a try. Had to click on its symbol in the plugin toolbar next to the url field. Refreshed the tap and there we go! Super happy, big thanks!
  • (2019-01-21) 布丁: Not work.
  • (2019-01-19) Tan: It works fine for importing custom JS (Custom Javascript for Websites 2 is limited to 10KB script sizes so importing from a local server is often a requirement). Also, YOU NEED TO CLICK ON THE EXTENSION TO ENABLE. It's not on by default and I thought it wasn't working -_-
  • (2018-11-27) Константин Рябинин: не работает
  • (2018-11-07) Ke Vin: Doesn't work at all....
  • (2018-10-23) Ben Steed: Intermittent success when using this extension but was a life saver for enabling me to pull data from a 3rd-party URL via a bookmarklet.
  • (2018-09-27) C2000: Did not find better way to bypass CSP set by HTML publisher in Jenkins.
  • (2018-09-12) frono: fat
  • (2018-09-01) TAO DENGJUN: good job! THX
  • (2018-07-08) Thomas Orlita: Didn't work for me (Cordova)
  • (2018-07-04) 凯李: 太有用了,Diigo终于可以在zhihu这样的网站上面用了,👍
  • (2018-05-09) Ismael Reis: Worked
  • (2017-11-15) Артур Петуховский: it doesn't work
  • (2017-10-06) D. Prisikar: Great plugin, saved my day, using for Rapportive

Statistics

Installs
50,000 history
Category
Rating
3.6374 (91 votes)
Last update / version
2024-09-03 / 4.0.0
Listing languages

Links