CORS Unblock
No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled
This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.
The default values for the headers:
Access-Control-Allow-Origin: request initiator or empty
Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
Access-Control-Allow-Methods: request initiator or empty
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: request initiator or *
Additional Features:
1. It can remove the following CSP-related headers:
"Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".
2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.
3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.
4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.
5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.
6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).
7. The extension also optionally fixes CORS policies of redirected URLs.
--
It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).
Links:
1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.
2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.
Latest reviews
Used to be the ONLY extension that works with my client's app, but after the recent update it does not work at all. Automatically turns off when I reload the page. Now I have zero extensions that work for me :(
Just after the new update does not work as well as before anymore It has become so complicated and I get errors with cors. Can you please downgrade again. Please fix. It was a five star extension.
Does not work
WHY YOU UPDATED !!!! what did you do !! It was my fav extension , after update it is not working unfortunately , on local files it gets auto off when i reload.
This extension was a life-saver for me. I use an internal web app tool that I built that is a huge pain with CORS errors. It's just an internal web app so security isn't a concern for me — I just need images to display and chrome blocks them with CORS errors. It is SO frustrating and I was SO SO happy when I found this extension. It works exactly as needed. There's another CORS extension but it seems to cause issues with other websites so I have to constantly turn it on and off — this one is PERFECT. Except, Chrome has disabled it because it's not up-to-date. Whoever made this, can you PLEASE fix this? Or if any developers have experience to build something just like this, please contact me. I would pay to have this fixed. [email protected]
This is very good & helpful ext to use
it works good for me,but chrome now was disable to use it at all
As simple as it gets
Working Perfectly and as expected
It works greatly for me. The only thing worries me is that it does not support Manifest v3. Maybe one day Chrome will disable it.
good. works
not working for me
Amazing and simple - I hope it doesn't get taken off the store! I am recommending it to all my students.
Works fine
works!
chome should keep this amazing extention is the best for this kind of dev experience
doesn't work for me.
This seems to always modify your requests, not only when it's "active". Headache of a bugfix that was actually machine confinguration
Was working, then stopped.
With the update to Manifest v3, when sending a request with fetch from a homemade Chrome extension, a CORS error will occur 100% of the time, and there is nothing the client can do to avoid it. However, by using this extension, you can receive responses with fetch without them failing with a CORS error. This extension is like a godsend for Chrome extension developers.
doesnt work
Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."
Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.
It has a BIG BUG when "credentials": "includes" exists in fetch request. The extension puts wildcard * in Access-Control-Allow-Methods and this make CORS to block the request.
Works as expected
Does exactly what it says
works perfectly
Awesome! Thank you!
does exactly what it does, a lot better than all the other CORS extensions!
It was better than related extension!
Worked for me using fetch
Does exactly what it says on the tin. 👍
Don't work
Do good job
While it does not work everytime, It still gives you a pocket to work with if you are lucky enough. I wasn't but I do rate this highly as dealing with CORS can be pretty frustrating when the servers aren't configured and you cannot communicate.
It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
Macht was es soll. Daumen hoch
It's the only CORS chrome extension that works for me
It's the only CORS chrome extension that works for me
Thankyou buddy 😍👍
Thankyou buddy 😍👍
Solved my problem
Solved my problem
Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
не работает
Just it did the job at the very first time. Amazing.
Just it did the job at the very first time. Amazing.
Works great!
