CORS Unblock

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

What is CORS Unblock?

CORS Unblock is a Chrome extension designed to ease browsing by bypassing CORS-related errors. The extension alters the 'Access-Control-Allow-Origin' and 'Access-Control-Allow-Methods' headers, ensuring seamless web requests. It includes additional features such as支 removing CSP-related headers, overwriting returned 4xx status code, and permitting cross-origin frame embedding among others. CORS Unblock is user-friendly with an option to modify headers according to your need.

Download

Extension stats

By: balvin.perrie

View on Chrome Web Store

Users: 200,000+

Rating: 4.15 (158)

Version: 0.3.8 (Last updated: 2024-02-11)

Creation date: 2020-05-27

Risk impact: Very high risk impact

Risk likelihood: Low risk likelihood

Manifest version: 2

Permissions:

storage
<all_urls>
webRequest
webRequestBlocking
declarativeNetRequest
contextMenus
debugger

Size: 207.87K

Email: ba*****@gmail.com

URLs: Privacy policy

Ranking

# 1666 ▼ 20

Other rankings

#2717 in Developer Tools

#14 in unblock keyword 67 ▲ 2

#30 in policy keyword 10 ▲ 2

#97 in server keyword 51 ▲ 5

#102 in header keyword 25 ▼ 4

Upgrade to see more rankings

Other platforms

CORS Unblock (v0.3.8)

3.86

(28) 6,928+

CORS Unblock (v0.3.8)

4.30

(12) 54,842+

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK Access-Control-Allow-Methods: request initiator or empty Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: request initiator or *

Additional Features:

It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".
It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Works well for local development and allows parsing of HTTP responses.
Simple to use and effective for avoiding CORS errors.
Helpful for Chrome extension developers.

Cons

Inconsistent performance; some users report it not working.
Issues with CORS headers when using insecure requests (http).
Has bugs related to specific configurations like 'credentials' in fetch requests.

Most mentioned