CORS Unblock icon

CORS Unblock

Extension Actions

CRX ID
lfhmikememgdcahcdlaciloancbhjino
Status
  • Live on Store
Description from extension meta

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Image from store
CORS Unblock
Description from store

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty
Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
Access-Control-Allow-Methods: request initiator or empty
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: request initiator or *

Additional Features:
1. It can remove the following CSP-related headers:
"Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".

2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.

4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.

5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.

6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).

7. The extension also optionally fixes CORS policies of redirected URLs.

--
It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).

Links:
1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.

2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.

Latest reviews

Rick Kerry
doesn't work
Carol Rizzi
Used to be the ONLY extension that works with my client's app, but after the recent update it does not work at all. Automatically turns off when I reload the page. Now I have zero extensions that work for me :(
G Test
Just after the new update does not work as well as before anymore It has become so complicated and I get errors with cors. Can you please downgrade again. Please fix. It was a five star extension.
Oleksandr Boiko
Does not work
Tushar Thakare
WHY YOU UPDATED !!!! what did you do !! It was my fav extension , after update it is not working unfortunately , on local files it gets auto off when i reload.
Josh Graef
This extension was a life-saver for me. I use an internal web app tool that I built that is a huge pain with CORS errors. It's just an internal web app so security isn't a concern for me — I just need images to display and chrome blocks them with CORS errors. It is SO frustrating and I was SO SO happy when I found this extension. It works exactly as needed. There's another CORS extension but it seems to cause issues with other websites so I have to constantly turn it on and off — this one is PERFECT. Except, Chrome has disabled it because it's not up-to-date. Whoever made this, can you PLEASE fix this? Or if any developers have experience to build something just like this, please contact me. I would pay to have this fixed. [email protected]
Er. Sanskar Dahiya
This is very good & helpful ext to use
Di Qin
it works good for me,but chrome now was disable to use it at all
Maksim Dimitrov
As simple as it gets
Manoj Kale
Working Perfectly and as expected
Work LY
It works greatly for me. The only thing worries me is that it does not support Manifest v3. Maybe one day Chrome will disable it.
Zuxing Wu
good. works
hikmat ullah
not working for me
Cindy Corritore
Amazing and simple - I hope it doesn't get taken off the store! I am recommending it to all my students.
Amirmahdi Shahbazi
Works fine
Ian Serfaty
works!
Rafik Mechria
chome should keep this amazing extention is the best for this kind of dev experience
yingdong mao
doesn't work for me.
Justice Almanzar
This seems to always modify your requests, not only when it's "active". Headache of a bugfix that was actually machine confinguration
Ryan Gilmore
Was working, then stopped.
doggo cabos
With the update to Manifest v3, when sending a request with fetch from a homemade Chrome extension, a CORS error will occur 100% of the time, and there is nothing the client can do to avoid it. However, by using this extension, you can receive responses with fetch without them failing with a CORS error. This extension is like a godsend for Chrome extension developers.
Makaylah Bennett
doesnt work
me notyou
Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."
Clara Bertaut
Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.
Cristian Enache
It has a BIG BUG when "credentials": "includes" exists in fetch request. The extension puts wildcard * in Access-Control-Allow-Methods and this make CORS to block the request.
Aleksei Lunin
Works as expected
Bryan Lee Wen Swen
Does exactly what it says
Dat Nguyen
works perfectly
Eugene Ledenev
Awesome! Thank you!
what
does exactly what it does, a lot better than all the other CORS extensions!
Vigen Pouya (47Vigen)
It was better than related extension!
Gaurav Kumar
Worked for me using fetch
Alex B
Does exactly what it says on the tin. 👍
Leonardo Covari
Don't work
Serafin Burberibar
Do good job
Shayan Shaikh
While it does not work everytime, It still gives you a pocket to work with if you are lucky enough. I wasn't but I do rate this highly as dealing with CORS can be pretty frustrating when the servers aren't configured and you cannot communicate.
kaleem ullah
It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
kaleem ullah
It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
M
Macht was es soll. Daumen hoch
Gabriela Sartori
It's the only CORS chrome extension that works for me
Gabriela Sartori
It's the only CORS chrome extension that works for me
Mehdi Moradi (Aryan)
Thankyou buddy 😍👍
Mehdi Moradi (Aryan)
Thankyou buddy 😍👍
Burhan Dev
Solved my problem
Burhan Dev
Solved my problem
sibaktra 16
Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
sibaktra 16
Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
Vitaliy Lufter
не работает
Armando García
Just it did the job at the very first time. Amazing.
Armando García
Just it did the job at the very first time. Amazing.