enciclhoacadbopnoeecfeobdbcbebnb
An extension to help to bypass CORS security errors on superannotate domains This extension helps overcome CORS policy limitations ONLY on SuperAnnotate’s and localhost domains by modifying the `Access-Control-Allow-*` response headers. You can enable or disable the extension by clicking on its icon. Additionally, you can toggle which types of headers it modifies: We value web security and have intentionally kept this extension as minimal as possible to ensure a safe browsing experience. This extension DOES NOT collect, store, or share any user data.
Anti-CORS, anti-CSP
Enable cross origin requests blocked by CORS or CSP. Disable CORS and CSP in selected hostnames, preserve security of other websites The extension enables cross origin requests with fetch() or XMLHttpRequest (XHR) objects that are blocked by CORS policy or violate the document’s Content Security Policy. It is an easiest way to solve CORS errors during development. Internally the extension bypasses Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP) by setting permissive Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials and Content-Security-Policy response headers. User guide: Click the extension icon in the tab with the URL on which you want to enable cross-origin requests. CORS policy gets disabled in all the tabs with the same hostname. The tabs with web pages from other hosts are not affected. Any fetch() or XHR requests will succeed unless they are blocked by CSP. To disable CSP the pages have to be reloaded. Typical use case: You develop an enterprise web application whose functionality depends on already existing web services. The production environment has the same hostname as the web services, but the development environment is set up in your office and has a different hostname. The web services do not support the cross-origin requests. Thus, in the development environment HTTP requests to the essential web services are prevented by the CORS mechanism in the browser. You can imagine a solution based on a reverse proxy and the environment-dependent URLs for the REST services, or you can opt for the effortless solution not to do anything more than installing a browser extension. Not only CORS, but also CSP prevents cross-origin requests. A strict CSP is an increasingly common security requirement. As with CORS, you could set up different policies for the development and production environment, but it is easier to use an extension instead of configuring environment-specific application settings. How this extension is better than other extensions: - The extension is domain-specific. Cross-origin requests gets enabled, i.e. CORS and CSP get disabled, not globally in all browser tabs, but only in the tabs with the hostnames that you have selected by clicking on the extension icon. Thus, the extension does not compromise the security of all websites opened in your browser. - The extensions is open source and, thus, is safe. - The extension relaxes both CORS and CSP. - Cross origin requests with cookies are supported. The extension sets not an asterisk but the exact origin in the Access-Control-Allow-Origin header. - The extension does not disrupt function of any popular websites such as Youtube.com or Google Docs - The extension does not have any settings and does not need to be configured. - Besides the icon, the extension does not have any user interface. How to test a CORS extension There are two criteria: - Cross origin requests become possible. You can test all possible requests, i.e. GET, POST, PUT, DELETE, PATCH with or without credentials, on https://crossoriginrequests.onrender.com - Function of other websites, e.g. youtube.com or docs.google.com, should not be disrupted even when the extension is activated in their tabs. The source code of the anti-CORS extension is explained in https://marian-caikovski.medium.com/how-to-bypass-cors-and-csp-policies-and-enable-cross-origin-requests-in-a-browser-47fe269500fb The plain source code can be extracted from the extension or downloaded from https://github.com/marianc000/antiCors
CORS Unlocker
Grant cross-origin request permissions for websites and open doors to boundless potential Skip Expensive Proxy Servers - Enable CORS Directly in Your Browser CORS Unlocker eliminates the need for costly proxy servers by enabling cross-origin requests directly in your browser. Perfect for developers who want to call third-party APIs without backend infrastructure. - Zero server costs - No more $20-200/month proxy expenses - One-click activation for any domain - Smart rule management with auto-cleanup - Developer-friendly NPM package included - Open source and fully transparent 💻 Perfect For: - Internal company tools and dashboards - Rapid API prototyping and testing - Startup MVPs with zero infrastructure budget - Educational projects and demos - Personal development projects Install our NPM package to detect the extension and guide users through setup automatically. No complex configuration needed. 1. Install the extension 2. Visit your web application 3. Click to enable CORS for the current domain 4. Start making cross-origin requests immediately - Works locally in your browser - No data sent to external servers - Rules stored locally on your device - Open source code available on GitHub Mobile browsers and Safari are not supported due to extension API limitations. Save hundreds of dollars annually while simplifying your development workflow!
NG-Anti-CORS
Bypass CORS restrictions with one click. Perfect developer tool for testing APIs and debugging applications locally. Eliminate CORS errors in your web development workflow with one click! NG-Anti-CORS is a powerful developer tool designed to bypass Cross-Origin Resource Sharing restrictions when testing or prototyping web applications. • Toggle CORS blocking on and off with a single click • Configure persistent site-specific settings that remain active after browser restart • Selectively enable CORS blocking only for specific domains that you choose • Clean visual indicators showing when CORS blocking is active • Customizable notifications to remind you when CORS restrictions are being bypassed • Simple domain management interface for maintaining your preferences - Perfect for: - • Frontend developers working with APIs • Testing applications locally • Debugging CORS-related issues • Working with third-party services that have restrictive CORS policies Critical Fix: Corrected the core behavior of the extension. Previously, the extension was incorrectly blocking CORS when disabled. Now it correctly does not modify browser behavior when disabled. Improved UI Labels: Updated status messages and notifications to accurately reflect the extension's functionality New Feature: Added advanced domain filtering options New Feature: Customizable notification timeout settings Improved Performance: Optimized background processes for better browser performance Enhanced UI: Redesigned settings panel for better usability Bug Fixes: Resolved issues with certain domain configurations Bug Fixes: Fixed unwanted notifications showing up for domains where CORS is not active Improved Compatibility: Fixed issues with YouTube and Google services breaking when extension is active Smart Domain Detection: Added intelligent detection of sites with existing CORS handling Enhanced Notification System: Better control over when notifications appear Protected Domain Handling: Special treatment for domains with sensitive CORS requirements NG-Anti-CORS lets you maintain separate settings for each site, allowing you to permanently enable CORS blocking on development domains while keeping it disabled on sensitive websites - even after restarting your browser.
CORS Unblock
No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them. The default values for the headers: Additional Features: 1. It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy". 2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does. 4. It can permit cross-origin frame embedding (by removing the "X-Frame-Options" header) to simplify remote page embedding during local development. 5. It can include or exclude the "referer" and "origin" headers when a server is sensitive to them to work appropriately. 6. The extension optionally uses the "chrome.debugger" to overwrite 4xx status codes (in case a server does not support a method, you can use this feature to pretend the server accepts a response or supports an unsupported method). 7. The extension also optionally fixes CORS policies of redirected URLs. -- It is important to note that this extension fixes preflight requests to permit access to any custom header (when enabled). Links: 1. For reporting bugs, please use the link https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock.
