CORS Unblock

CRX ID
lfhmikememgdcahcdlaciloancbhjino
Status
Live on Store
Description from extension meta

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

Image from store
CORS Unblock
Description from store

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty
Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
Access-Control-Allow-Methods: request initiator or empty
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: request initiator or *

Additional Features:
1. It can remove the following CSP-related headers:
"Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".

2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

3. It can append necessary headers to pretend websites (local or remote hosts) support SharedArrayBuffer class.

4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development.

5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately.

6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method).

7. The extension also optionally fixes CORS policies of redirected URLs.

--
It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled).

Links:
1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.

2. To have better control over CSP (content-security-policy), try my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd.

Latest reviews

Carol Rizzi 2025-05-29

Used to be the ONLY extension that works with my client's app, but after the recent update it does not work at all. Automatically turns off when I reload the page. Now I have zero extensions that work for me :(

G Test 2025-05-18

Just after the new update does not work as well as before anymore It has become so complicated and I get errors with cors. Can you please downgrade again. Please fix. It was a five star extension.

Oleksandr Boiko 2025-05-12

Does not work

Tushar Thakare 2025-05-02

WHY YOU UPDATED !!!! what did you do !! It was my fav extension , after update it is not working unfortunately , on local files it gets auto off when i reload.

Josh Graef 2025-03-28

This extension was a life-saver for me. I use an internal web app tool that I built that is a huge pain with CORS errors. It's just an internal web app so security isn't a concern for me — I just need images to display and chrome blocks them with CORS errors. It is SO frustrating and I was SO SO happy when I found this extension. It works exactly as needed. There's another CORS extension but it seems to cause issues with other websites so I have to constantly turn it on and off — this one is PERFECT. Except, Chrome has disabled it because it's not up-to-date. Whoever made this, can you PLEASE fix this? Or if any developers have experience to build something just like this, please contact me. I would pay to have this fixed. [email protected]

Er. Sanskar Dahiya 2025-03-07

This is very good & helpful ext to use

Di Qin 2025-02-06

it works good for me,but chrome now was disable to use it at all

Maksim Dimitrov 2025-01-23

As simple as it gets

Manoj Kale 2024-12-05

Working Perfectly and as expected

Work LY 2024-11-28

It works greatly for me. The only thing worries me is that it does not support Manifest v3. Maybe one day Chrome will disable it.

Zuxing Wu 2024-11-23

good. works

hikmat ullah 2024-11-04

not working for me

Cindy Corritore 2024-10-09

Amazing and simple - I hope it doesn't get taken off the store! I am recommending it to all my students.

Amirmahdi Shahbazi 2024-09-29

Works fine

Ian Serfaty 2024-09-18

works!

Rafik Mechria 2024-09-10

chome should keep this amazing extention is the best for this kind of dev experience

yingdong mao 2024-07-23

doesn't work for me.

Justice Almanzar 2024-07-02

This seems to always modify your requests, not only when it's "active". Headache of a bugfix that was actually machine confinguration

Ryan Gilmore 2024-06-14

Was working, then stopped.

doggo cabos 2024-06-04

With the update to Manifest v3, when sending a request with fetch from a homemade Chrome extension, a CORS error will occur 100% of the time, and there is nothing the client can do to avoid it. However, by using this extension, you can receive responses with fetch without them failing with a CORS error. This extension is like a godsend for Chrome extension developers.

Makaylah Bennett 2024-05-23

doesnt work

me notyou 2024-04-08

Not working when CORS header is ignored b/c coming through a unsecure request (http). "The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead."

Clara Bertaut 2024-03-23

Seems to work well, and does what I needed it to do (allows me to parse HTTP responses on localhost by appending 'Access-Control-Allow-Origin: *' to the header). It supports a number of other configurations, as well, which I don't currently need but are nice to have as options.

Cristian Enache 2024-03-20

It has a BIG BUG when "credentials": "includes" exists in fetch request. The extension puts wildcard * in Access-Control-Allow-Methods and this make CORS to block the request.

Aleksei Lunin 2024-01-24

Works as expected

Bryan Lee Wen Swen 2024-01-21

Does exactly what it says

Dat Nguyen 2024-01-15

works perfectly

Eugene Ledenev 2024-01-09

Awesome! Thank you!

what 2024-01-09

does exactly what it does, a lot better than all the other CORS extensions!

Vigen Pouya (47Vigen) 2023-12-30

It was better than related extension!

Gaurav Kumar 2023-12-23

Worked for me using fetch

Alex B 2023-12-18

Does exactly what it says on the tin. 👍

Leonardo Covari 2023-12-08

Don't work

Serafin Burberibar 2023-11-24

Do good job

Shayan Shaikh 2023-11-17

While it does not work everytime, It still gives you a pocket to work with if you are lucky enough. I wasn't but I do rate this highly as dealing with CORS can be pretty frustrating when the servers aren't configured and you cannot communicate.

kaleem ullah 2023-09-28

It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."

kaleem ullah 2023-09-28

It works 60% of the time that's why 3 stars, other times I get "has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response."

M 2023-09-26

Macht was es soll. Daumen hoch

Gabriela Sartori 2023-09-06

It's the only CORS chrome extension that works for me

Gabriela Sartori 2023-09-06

It's the only CORS chrome extension that works for me

Mehdi Moradi (Aryan) 2023-06-21

Thankyou buddy 😍👍

Mehdi Moradi (Aryan) 2023-06-21

Thankyou buddy 😍👍

Burhan Dev 2023-06-13

Solved my problem

Burhan Dev 2023-06-13

Solved my problem

sibaktra 16 2023-06-09

Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.

sibaktra 16 2023-06-09

Very good extension for working on ongoing development projects. Additionally, the extension has been well thought out. Thank you for all the effort and for sharing it.

Vitaliy Lufter 2023-05-24

не работает

Armando García 2023-05-04

Just it did the job at the very first time. Amazing.

Armando García 2023-05-04

Just it did the job at the very first time. Amazing.

Erik Hirsch 2023-05-02

Works great!

Statistics

Installs
100,000
Market
Chrome Web Store
Category
Rating
4.09 (173 votes)
Last update
2025-06-03
Version 0.5.2
Languages