Compare Chrome extensions: Disable Content-Security-Policy vs CORS Unblock
Stats | Disable Content-Security-Policy | CORS Unblock |
---|---|---|
User count | 60,000+ | 200,000+ |
Average rating | 3.63 | 4.20 |
Rating count | 81 | 142 |
Last updated | 2020-05-06 | 2024-02-11 |
Size | 24.09K | 207.87K |
Version | 3.0.0 | 0.3.8 |
Short description | |
---|---|
Disable Content-Security-Policy for web application testing. When the icon is colored, CSP headers are disabled. | No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled |
Full summary | |
---|---|
Use at your own risk. This disables the Content-Security-Policy header for a tab. Use this when testing what resources a new third-party tag includes onto the page. Click the extension icon to disable Content-Security-Policy header for the tab. Click the extension icon again to re-enable Content-Security-Policy header. Use this only as a last resort. Disabling Content-Security-Policy means disabling features designed to protect you from cross-site scripting. Prefer to use report-uri which instructs the browser to send CSP violations to a URI. That allows you to keep Content-Security-Policy enabled in your browser but still know what got blocked. https://report-uri.com is a free tool that gives you a web interface to inspect CSP violations on your site. | This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them. The default values for the headers: Access-Control-Allow-Origin: request initiator or empty; Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK; Access-Control-Allow-Methods: request initiator or empty; Access-Control-Allow-Credentials: true; Access-Control-Expose-Headers: request initiator or *. Additional Features: |