No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled
This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.
The default values for the headers:
Access-Control-Allow-Origin: request initiator or empty
Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
Access-Control-Allow-Methods: request initiator or empty
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: request initiator or *
Additional Features:
1. It can remove the following CSP-related headers:
"Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".
2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.
3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.
4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.
5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.
6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).
7. The extension also optionally fixes CORS policies of redirected URLs.
--
It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).
Links:
1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.
2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.
Latest reviews
- (2023-09-28) kaleem ullah: It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."
- (2023-09-26) M: Macht was es soll. Daumen hoch
- (2023-09-06) Gabriela Sartori: It's the only CORS chrome extension that works for me
- (2023-06-21) Mehdi Moradi (Aryan): Thankyou buddy 😍👍
- (2023-06-13) Burhan Dev: Solved my problem
- (2023-06-09) sibaktra 16: Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.
- (2023-05-24) Vitaliy Lufter: не работает
- (2023-05-04) Armando García: Just it did the job at the very first time. Amazing.
- (2023-05-02) Erik Hirsch: Works great!
- (2023-04-29) Gorzan Gorzan: My site which needed this worked. Thanks!
- (2023-01-31) Tharr: Frankly, I was a bit concerned when I was playing my idling game during some free time. And ran into devastating error. With my limited HTML knowledge I managed to reduce the problem to a CORS issue. Thank god for this extension as it has saved my game. I thank you glorious developers.
- (2022-12-02) Pablo Lopez: Muy buena para realizar pruebas de desarrollos con backend remoto. Hay que tener ojo para desactivarla despues de usarla, ya que afecta el funcionamiento de algunos sitios.
- (2022-11-27) Kashmiri: Love it it Works!!! Thank you 🙏🙏
- (2022-11-10) Nikolai Kasparov: До этого использовал Allow CORS: Access-Control-Allow-Origin, как я его ни крутил, локалка с withCredential не работала. Установил уже от отчаяния эту штуку и вуаля. Заработало с первого тычка!
- (2022-11-03) Cường Huy Nguyễn: You saved my project
- (2022-11-02) yue zhao: it meets basic needs, but cannot set cookies in headers.
- (2022-10-24) Kiran Sarpotdar: Awesome, it works, when some of the others don't work in all scenarios.. this is good, simple!
- (2022-10-17) Dạo Mách: i have searched many ways from stackoverflow to youtube but the ways can't solve. Extension this is the only thing that helped me. Thanks developer. I come from Vietnam.
- (2022-09-14) Sahil Rajput: awesome, it works!
- (2022-08-04) Max Stetter: Works exactly as it says it would.
- (2022-07-31) Anatoli Radulov: Works great!
- (2022-07-14) Roy: It did its job, but make sure to disable it completely when you don't use it. It caused whatsapp web to stop functioning, even when it was not running.
- (2022-07-06) Nakd Bangali: Finally an extension that ACTUALLY worked!!!
- (2022-06-24) S _: IT JUST WORKS PERFECTLY!
- (2022-04-30) João Igor M. da Silva: Very good!
- (2022-04-15) Alex SB: Мешает работе некоторых сайтов, провоцируют ошибки CORS\
- (2022-03-17) PNam: not work
- (2022-03-06) Никита Стогний: Не работает
- (2022-02-11) Oliver Rýdzi: Works great, thanks a lot!! If it doesn't work you make sure to right click and enable all three access control headers :)
- (2022-01-27) Senuri Ranasinghe: Works perfectly!
- (2021-12-20) Alexander Designer: Very easy to use: just install & activate it – and you're good to go! Does its job seamlessly :) Thank you! Feature request: It would be great to be able to define website where the extension is turned on. So it would affect, for example, only website under development and not the rest ones. Thanks!
- (2021-11-09) adam chawki: Works like a charm
- (2021-09-17) Omid Mafi: Works perfectly!
- (2021-09-07) Александр КУКУ: Работает
- (2021-08-13) Igor Valkenburg: Thanks. Would it be nice to have the option to automatically block again when opening a new closing and opening browser.
- (2021-08-11) George Messi: Did not work. Only replaced the error I was receiving with a different one.
- (2021-08-11) Luiz Henrique Rios: Not working
- (2021-07-10) ruinb0w zero: thanks for your work, it's great!
- (2021-07-02) Irina P: Thank you very much
- (2021-06-29) Chklag: Yes!!! It works, but it's not intuitive to enable the icon of this extenion in chrome bar du click on it to enable/disable without configuration page.
- (2021-06-15) Jessica Phua: works just fine! just remember to turn it on after you install it when you want to use it (because it is off by default) and turn it off when you're done debugging.
- (2021-05-01) bedoui wejdene: It doesn't work ! Avoid this extension
- (2021-04-12) Sasha Pyrozhok: Please note in documentation and extensions store that this extension break Google Hangoutes and can cause other issues with Slack e.t.c! So it should be disabled before calls. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- (2021-04-12) David Klempfner: Doesn't work. I'm using Version 89.0.4389.114 (Official Build) (64-bit).
- (2021-04-03) Vladimir: Helped to bypass CORS error in Chrome: Cross-Origin Resource Sharing error: MissingAllowOriginHeader
- (2021-03-19) Wagner oliveira rodrigues: Muito bom!!! Testei diversos apenas esse me atendeu Parabéns
- (2021-03-17) Carlos de la Orden: Be careful this breaks other apps, like Hangouts inside Gmail. It is supposed to unblock, not to block content. Not recommended, but if you really need to use it for development purposes, enable it only after clicking on it on specific websites. Your general web surfing will be affected otherwise.
- (2021-03-17) Blake La Pierre: Doesn't seem to work for iframes from different domains (codepen.io cdpn.io)
- (2021-03-14) FreebooterFox: Fixes an issue with reddit videos not playing. Breaks functionality practically anywhere else. I have mixed feelings about what seems to be a requirement to now actively manage functionality of a browser and/or website that should function well enough on its own, but it is what it is, and that's not the fault of the developer of this extension.
- (2021-03-01) Felipe Az: Show perfeito