Upgrade
Merlin

Compare Chrome extensions: Allow CORS: Access-Control-Allow-Origin vs CORS Unblock

Upgrade to compare more stats
Stats Allow CORS: Access-Control-Allow-Origin Allow CORS: Access-Control-Allow-Origin CORS Unblock CORS Unblock
User count 700,000+ 200,000+
Average rating 3.39 4.18
Rating count 259 144
Last updated 2023-09-04 2024-02-11
Size 75.94K 207.87K
Version 0.1.9 0.3.8
Short description
Easily add (Access-Control-Allow-Origin: *) rule to the response header. No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled
Full summary

Allow CORS: Access-Control-Allow-Origin lets you easily perform cross-domain Ajax requests in web applications.

Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature. Please note that, when the add-on is added to your browser, it is inactive by default (toolbar icon is grey C letter). If you want to activate the add-on, please open the toolbar popup and press the toggle button on the left side. The icon will turn to an orange C letter.

If you have a feature request or found a bug to report, please fill out the bug report form on the add-on's homepage (https://mybrowseraddon.com/access-control-allow-origin.html).

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK Access-Control-Allow-Methods: request initiator or empty Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: request initiator or *

Additional Features:

  1. It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".

  2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

See more