Disable Content-Security-Policy
Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled.
Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag loads onto the page.
Click the extension icon to disable the Content-Security-Policy header for the tab. Click the extension icon again to re-enable the Content-Security-Policy header.
Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri, which instructs the browser to send CSP violations to a URI. That allows you to keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site.
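The report-uri approach described above, as an added example that is not part of the extension or its listing: a collector-side routine that reduces the JSON reports a browser posts to a per-directive list of blocked sources. The hosts, the `/csp-reports` path and the sample bodies are constructed for illustration.

```javascript
// Header the site would send (constructed policy):
//   Content-Security-Policy: default-src 'self'; report-uri /csp-reports
// Constructed report bodies in the legacy report-uri JSON shape ("csp-report").
const SAMPLE_BODIES = [
  JSON.stringify({ "csp-report": {
    "document-uri": "https://shop.example/checkout",
    "violated-directive": "script-src 'self'", // older browsers echo the whole directive
    "blocked-uri": "https://tags.vendor.example/loader.js?v=3" } }),
  JSON.stringify({ "csp-report": {
    "document-uri": "https://shop.example/checkout",
    "effective-directive": "img-src",
    "blocked-uri": "https://px.vendor.example/t.gif?u=123" } }),
  JSON.stringify({ "csp-report": {
    "document-uri": "https://shop.example/checkout",
    "effective-directive": "script-src-elem",
    "blocked-uri": "inline" } }),
  "not json", // the endpoint is unauthenticated, so expect junk as well
];

// Reduce one report body to { directive, source }, or null if it is malformed.
function parseCspReport(body) {
  let report;
  try { report = JSON.parse(body)["csp-report"]; } catch { return null; }
  if (!report || typeof report !== "object") return null;
  const raw = report["effective-directive"] || report["violated-directive"] || "";
  const directive = String(raw).trim().split(/\s+/)[0];
  if (!directive) return null;
  let source = String(report["blocked-uri"] || "");
  // URLs are cut down to their origin; keywords such as "inline" or "eval" stay as-is.
  try { source = new URL(source).origin; } catch { /* not a URL */ }
  return { directive, source };
}

// Group blocked sources by directive and count the bodies that were rejected.
function summarize(bodies) {
  const byDirective = new Map();
  let rejected = 0;
  for (const body of bodies) {
    const v = parseCspReport(body);
    if (!v) { rejected += 1; continue; }
    if (!byDirective.has(v.directive)) byDirective.set(v.directive, new Set());
    byDirective.get(v.directive).add(v.source);
  }
  const blocked = Object.fromEntries(
    [...byDirective].map(([d, s]) => [d, [...s].sort()]));
  return { blocked, rejected };
}

console.log(summarize(SAMPLE_BODIES));
```

The per-directive origins are the candidates to review before widening the policy for a new third-party tag; an "inline" entry means the tag injects inline script, which an origin allowlist alone will not cover.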
Latest reviews
Doesn't work
I've been using this one for probably 5 years for work and never had an issue.
Did not work in Chrome. "Refused to frame ______________ because an ancestor violates the following Content Security Policy directive" Works in Edge though..
Very effective
29 Jul 2024: it's working. For those who messaged it's not working: make sure you are using it correctly (you see "blocked:csp" against your request in network tab)
Not working for some telegram web bot
It works like a charm
Doesn't work
It works
awesome
Don't bother, it didn't work, at least in Brave Version 1.62.156 Chromium: 121.0.6167.139 (Official Build) (64-bit). From DevTools, override headers and delete/modify the response CSP to your liking: https://developer.chrome.com/docs/devtools/overrides
Worked like a charm!
did not work locally with iframe logging still this err "Refused to frame 'https://stage.mydomain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.com https://*.mydomain.com""
Works fine after refresh
Works if you hard refresh 😁
Don't waste your time, it doesn't work at all. It had one job to do and it fails miserably at it. Absolutely no change.
Still got "Refused to frame" error in Chrome related to the content security policy. Did not work for me.
Did/changed nothing. All the same CSPs showed up after toggle as were there before, not sure what this is actually for?
Very useful, I can now run translation scripts on GitHub
I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.
It does not work on a website which adds CSP using HTML meta tag.
There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.
works like a charm!
Works good
Works perfectly. Thank you very much!
Don't work
It has no effect on the CSP headers when enabled and active for given tab.
Doesn't work, or no longer works.
I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)
Doesn't work with latest Chrome
Sadly did not work with latest Google Chrome, on 302 redirects where CSP has been set to ultra hard bad mode.
Works very well. Very easy to use.
Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.