Anti-CORS, anti-CSP

Enable cross origin requests blocked by CORS or CSP. Disable CORS and CSP in selected hostnames, preserve security of other websites

Anti-CORS, Anti-CSP Extension for Chrome

"Anti-CORS, anti-CSP" is a Chrome extension designed to enable cross-origin requests that are usually blocked by CORS policy or violate Content Security Policy (CSP). It bypasses CORS and CSP by setting permissive response headers specific to selected hostnames, ensuring that security is maintained for other sites. Ideal for developers, it easily resolves CORS errors during development without requiring additional configurations or affecting other web applications.
Install from Chrome Web Store

Extension stats

Users: 606
68
Rating: 5.00
(4)
Version: 0.0.7 (Last updated: 2024-09-19)
Version code: 0.0.7
Creation date: 2024-04-28
Manifest version: 3
Permissions:
  • declarativeNetRequest
  • storage
  • tabs
Size: 43.37K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

The extension enables cross origin requests with fetch() or XMLHttpRequest (XHR) objects that are blocked by CORS policy or violate the document’s Content Security Policy. It is an easiest way to solve CORS errors during development.

Internally the extension bypasses Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP) by setting permissive Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials and Content-Security-Policy response headers.

User guide: Click the extension icon in the tab with the URL on which you want to enable cross-origin requests. CORS policy gets disabled in all the tabs with the same hostname. The tabs with web pages from other hosts are not affected. Any fetch() or XHR requests will succeed unless they are blocked by CSP. To disable CSP the pages have to be reloaded.

Typical use case: You develop an enterprise web application whose functionality depends on already existing web services. The production environment has the same hostname as the web services, but the development environment is set up in your office and has a different hostname. The web services do not support the cross-origin requests. Thus, in the development environment HTTP requests to the essential web services are prevented by the CORS mechanism in the browser. You can imagine a solution based on a reverse proxy and the environment-dependent URLs for the REST services, or you can opt for the effortless solution not to do anything more than installing a browser extension.

Not only CORS, but also CSP prevents cross-origin requests. A strict CSP is an increasingly common security requirement. As with CORS, you could set up different policies for the development and production environment, but it is easier to use an extension instead of configuring environment-specific application settings.

How this extension is better than other extensions:

  • The extension is domain-specific. Cross-origin requests gets enabled, i.e. CORS and CSP get disabled, not globally in all browser tabs, but only in the tabs with the hostnames that you have selected by clicking on the extension icon. Thus, the extension does not compromise the security of all websites opened in your browser.
See more

User reviews

excelent work
by Badr Elmers, 2025-01-25

Well done, the icon could be designed better tho
by foro heroku, 2025-01-07

Nice job, easy and functional , wish you the Best
by Mohammad Reza, 2025-01-07
View all user reviews

Extension safety

Risk impact

Anti-CORS, anti-CSP requires a few sensitive permissions. Exercise caution before installing.

Risk impact analysis details
  • Critical Grants access to browser tabs, which can be used to track user browsing habits and history, presenting a privacy concern.
  • Low ******* ****** ** *** ********* ********
Risk likelihood

We don't have sufficient data to confidently determine the risk likelihood of Anti-CORS, anti-CSP. Use it at your own risk.

Risk likelihood analysis details
  • High This extension has low user count. Unpopular extensions may not be stable or safe.
  • Low **** ********* *** ******* **** **** * ****** **** ***** ******** *** **** ****** ** ** ****** *** *****
  • Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****
  • Good **** ********* ** * ******** ********* ** ****** *** *****
  • Good **** ********* *** **** **** *******
Upgrade to see full risk analysis details

Promo images

Anti-CORS, anti-CSP marquee promo image
Marquee promo image
Anti-CORS, anti-CSP small promo image
Small promo image

Similar extensions

Here are some Chrome extensions that are similar to Anti-CORS, anti-CSP: