CORS Unblock

This extension provides control over the "XMLHttpRequest" and "fetch" methods by providing custom "access-control-allow-origin" and "access-control-allow-methods" headers to every request that the browser receives. A user can toggle the extension on and off from the toolbar button. To modify how these headers are altered, use the right-click context menu items. You can customize what methods are allowed. The default option is to allow "WEBDAV", "GET", "PUT", "POST", "DELETE", "HEAD", "OPTIONS", "PATCH" methods. You can also ask the extension not to overwrite these headers when the server already fills them. This extension also fixes CORS policies of redirected URLs. Default values: Access-Control-Allow-Origin: request initiator or "*" Access-Control-Allow-Methods: 'GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK' Access-Control-Allow-Methods: request initiator or "*" Access-Control-Allow-Credentials: 'true' Access-Control-Expose-Headers: request initiator or "*" Content-Security-Policy: As of version 0.3.4, you can enable wiping the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy". Notes: 1. When enabled, this extension fixes preflight[1] requests to permit access to any custom header. 2. When enabled, the extension removes the "X-Frame-Options" header (optional feature). So you can embed any website in your HTML document for testing purposes. 3. To unblock CSP (content-security-policy) related headers use my https://chrome.google.com/webstore/detail/csp-unblock/lkbelpgpclajeekijigjffllhigbhobd To report bugs, please use: https://github.com/balvin-perrie/Access-Control-Allow-Origin---Unblock [1] A preflight request is a small request that is sent by the browser before the actual request. It contains information like which HTTP method is used, as well as if any custom HTTP headers are present. The preflight gives the server a chance to examine what the actual request will look like before it?s made. The server can then indicate whether the browser should send the actual request, or return an error to the client without sending the request.