CORS Unblock

Moesif Origin/CORS Changer & API Logger

Allow cross-domain requests by override Origin and CORS headers. Log/capture XmlHttpRequest API calls for debugging and analytics. This plugin allows you to send cross-domain requests directly from browser without receiving Cross Origin Errors. You can override the Request Origin header with this plugin and also have Access-Control-Allow-Origin set to *. Update: We removed email list signup and added ability to log and capture API calls. Migrated from Chrome Manifest V2 to V3, due to the new V3 "storage" api, your old settings may need to be reentered. You can override: Request Headers: Origin Response Headers: Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials, Access-Control-Expose-Headers Guide on CORS: https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/ You can capture any Ajax, XmlHttpRequest, or fetch API requests made by any page, and send to your Moesif account for analytics and debugging. DISCLAIMER: This tool circumvents CORS security rules baked into every browser and is intended for testing your own website during development. Some production websites like Google Docs or Facebook may complain if they detect something that isn't expected. You can use the whitelist feature to only turn on for some domains. To avoid security issues, it is recommend to turn off after debugging. About Moesif API Monetization and Observability: Moesif (https://www.moesif.com) enables API teams at UPS, You.com, Deloitte, and others to deeply understand customer API usage and ship better API products with user-centric API analytics and monetization, which enables you to: - Understand customer API usage with user behavior analytics. - Debug issues quickly with high-cardinality API logs and metrics. - Get alerted of problems that impact customers. - Track API KPIs with custom dashboards. - Meter API usage and set up billing meters with integrations with Stripe, Chargebee, and custom billing platforms. By using this extension, you agree to Moesif's terms of use (https://www.moesif.com/terms) and privacy policy (https://www.moesif.com/pravicy).

CORS Bypass

when enabled, add the header 'Access-Control-Allow-Origin: *' to the response to resolve CORS errors. when enabled, add the header 'Access-Control-Allow-Origin: *' to the response to resolve CORS errors.

Anti-CORS, anti-CSP

Enable cross origin requests blocked by CORS or CSP. Disable CORS and CSP in selected hostnames, preserve security of other websites The extension enables cross origin requests with fetch() or XMLHttpRequest (XHR) objects that are blocked by CORS policy or violate the document’s Content Security Policy. It is an easiest way to solve CORS errors during development. Internally the extension bypasses Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP) by setting permissive Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Credentials and Content-Security-Policy response headers. User guide: Click the extension icon in the tab with the URL on which you want to enable cross-origin requests. CORS policy gets disabled in all the tabs with the same hostname. The tabs with web pages from other hosts are not affected. Any fetch() or XHR requests will succeed unless they are blocked by CSP. To disable CSP the pages have to be reloaded. Typical use case: You develop an enterprise web application whose functionality depends on already existing web services. The production environment has the same hostname as the web services, but the development environment is set up in your office and has a different hostname. The web services do not support the cross-origin requests. Thus, in the development environment HTTP requests to the essential web services are prevented by the CORS mechanism in the browser. You can imagine a solution based on a reverse proxy and the environment-dependent URLs for the REST services, or you can opt for the effortless solution not to do anything more than installing a browser extension. Not only CORS, but also CSP prevents cross-origin requests. A strict CSP is an increasingly common security requirement. As with CORS, you could set up different policies for the development and production environment, but it is easier to use an extension instead of configuring environment-specific application settings. How this extension is better than other extensions: - The extension is domain-specific. Cross-origin requests gets enabled, i.e. CORS and CSP get disabled, not globally in all browser tabs, but only in the tabs with the hostnames that you have selected by clicking on the extension icon. Thus, the extension does not compromise the security of all websites opened in your browser. - The extensions is open source and, thus, is safe. - The extension relaxes both CORS and CSP. - Cross origin requests with cookies are supported. The extension sets not an asterisk but the exact origin in the Access-Control-Allow-Origin header. - The extension does not disrupt function of any popular websites such as Youtube.com or Google Docs - The extension does not have any settings and does not need to be configured. - Besides the icon, the extension does not have any user interface. How to test a CORS extension There are two criteria: - Cross origin requests become possible. You can test all possible requests, i.e. GET, POST, PUT, DELETE, PATCH with or without credentials, on https://crossoriginrequests.onrender.com - Function of other websites, e.g. youtube.com or docs.google.com, should not be disrupted even when the extension is activated in their tabs. The source code of the anti-CORS extension is explained in https://marian-caikovski.medium.com/how-to-bypass-cors-and-csp-policies-and-enable-cross-origin-requests-in-a-browser-47fe269500fb The plain source code can be extracted from the extension or downloaded from https://github.com/marianc000/antiCors

CORS Unblock

Easily bypass CORS errors during development with a simple ON/OFF toggle. Easily bypass CORS errors during development with a secure ON/OFF toggle. CORS Unblock is a professional Chrome extension built specifically for web developers who need temporary, reliable control over Cross-Origin Resource Sharing during local development and testing. • One-Click ON / OFF Toggle Instantly enable or disable CORS bypass with clear visual feedback. • Visual Status Indicators Color-coded badge and popup status ensure you always know when CORS is active. • Quick Reload Controls Reload the current page directly from the extension for faster iteration. • Intelligent Cache Clearing Clear cache, service workers, and perform hard reloads to avoid stale data during debugging. • Domain Whitelist Management Add or remove domains where CORS bypass is needed, keeping usage controlled and intentional. • Comprehensive Resource Coverage Works with fetch, XMLHttpRequest, scripts, images, stylesheets, fonts, media, and iframes. • Persistent Preferences Remembers your last state across browser restarts. 👨‍💻 Built For • Frontend and backend developers • API and microservice testing workflows • Local development environments • QA and staging validation Unlike generic CORS extensions that modify everything blindly or rely on unsafe debugging APIs, CORS Unblock focuses on: • Control instead of brute force • Clear visibility and safety A practical tool for developers who want predictable CORS handling—without compromising security or stability.