CORS Unblock
Extension Actions
- Live on Store
No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled
This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.
The default values for the headers:
Access-Control-Allow-Origin: request initiator or empty
Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
Access-Control-Allow-Methods: request initiator or empty
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: request initiator or *
Additional Features:
1. It can remove the following CSP-related headers:
"Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".
2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.
3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.
4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.
5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.
6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).
7. The extension also optionally fixes CORS policies of redirected URLs.
--
It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).
Links:
1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.
2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.
Latest reviews
- Rick Kerry
- doesn't work
- Carol Rizzi
- Used to be the ONLY extension that works with my client's app, but after the recent update it does not work at all. Automatically turns off when I reload the page. Now I have zero extensions that work for me :(
- G Test
- Just after the new update does not work as well as before anymore It has become so complicated and I get errors with cors. Can you please downgrade again. Please fix. It was a five star extension.
- Oleksandr Boiko
- Does not work
- Tushar Thakare
- WHY YOU UPDATED !!!! what did you do !! It was my fav extension , after update it is not working unfortunately , on local files it gets auto off when i reload.
- Josh Graef
- This extension was a life-saver for me. I use an internal web app tool that I built that is a huge pain with CORS errors. It's just an internal web app so security isn't a concern for me — I just need images to display and chrome blocks them with CORS errors. It is SO frustrating and I was SO SO happy when I found this extension. It works exactly as needed. There's another CORS extension but it seems to cause issues with other websites so I have to constantly turn it on and off — this one is PERFECT. Except, Chrome has disabled it because it's not up-to-date. Whoever made this, can you PLEASE fix this? Or if any developers have experience to build something just like this, please contact me. I would pay to have this fixed. [email protected]
- Er. Sanskar Dahiya
- This is very good & helpful ext to use
- Di Qin
- it works good for me,but chrome now was disable to use it at all
- Maksim Dimitrov
- As simple as it gets
- Manoj Kale
- Working Perfectly and as expected
- Work LY
- It works greatly for me. The only thing worries me is that it does not support Manifest v3. Maybe one day Chrome will disable it.
- Zuxing Wu
- good. works
- hikmat ullah
- not working for me
- Cindy Corritore
- Amazing and simple - I hope it doesn't get taken off the store! I am recommending it to all my students.
- Amirmahdi Shahbazi
- Works fine
- Ian Serfaty
- works!
- Rafik Mechria
- chome should keep this amazing extention is the best for this kind of dev experience
- yingdong mao
- doesn't work for me.
- Justice Almanzar
- This seems to always modify your requests, not only when it's "active". Headache of a bugfix that was actually machine confinguration
- Ryan Gilmore
- Was working, then stopped.
- doggo cabos
- With the update to Manifest v3, when sending a request with fetch from a homemade Chrome extension, a CORS error will occur 100% of the time, and there is nothing the client can do to avoid it. However, by using this extension, you can receive responses with fetch without them failing with a CORS error. This extension is like a godsend for Chrome extension developers.
- Makaylah Bennett
- doesnt work
- me notyou
- Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."
- Clara Bertaut
- Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.
- Cristian Enache
- It has a BIG BUG when "credentials": "includes" exists in fetch request. The extension puts wildcard * in Access-Control-Allow-Methods and this make CORS to block the request.
- Aleksei Lunin
- Works as expected
- Bryan Lee Wen Swen
- Does exactly what it says
- Dat Nguyen
- works perfectly
- Eugene Ledenev
- Awesome! Thank you!
- what
- does exactly what it does, a lot better than all the other CORS extensions!
- Vigen Pouya (47Vigen)
- It was better than related extension!
- Gaurav Kumar
- Worked for me using fetch
- Alex B
- Does exactly what it says on the tin. 👍
- Leonardo Covari
- Don't work
- Serafin Burberibar
- Do good job
- Shayan Shaikh
- While it does not work everytime, It still gives you a pocket to work with if you are lucky enough. I wasn't but I do rate this highly as dealing with CORS can be pretty frustrating when the servers aren't configured and you cannot communicate.
- kaleem ullah
- It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
- kaleem ullah
- It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
- M
- Macht was es soll. Daumen hoch
- Gabriela Sartori
- It's the only CORS chrome extension that works for me
- Gabriela Sartori
- It's the only CORS chrome extension that works for me
- Mehdi Moradi (Aryan)
- Thankyou buddy 😍👍
- Mehdi Moradi (Aryan)
- Thankyou buddy 😍👍
- Burhan Dev
- Solved my problem
- Burhan Dev
- Solved my problem
- sibaktra 16
- Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
- sibaktra 16
- Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
- Vitaliy Lufter
- не работает
- Armando García
- Just it did the job at the very first time. Amazing.
- Armando García
- Just it did the job at the very first time. Amazing.