CORS Unblock

No more CORS error by appending 'Access-Control-Allow-Origin: *' header to local and remote web requests when enabled

CORS Unblock - An Essential Edge Add-on for Debugging

CORS Unblock is a valuable Edge add-on utilized for bypassing 'XMLHttpRequest' and 'fetch' rejections by altering 'Access-Control-Allow' headers in every outstanding request. It can change default header values, manipulate returned 4xx status codes, permit cross-origin frame embedding, and address CORS policies of redirected URLs. Invocation of the add-on is by pressing the action button or through the right click context menu. It also paves the way for debugging by pretending websites to support unsupported server methods or classes.

Add-on stats

By: Bermet
Rating: 4.30
(12)
Version: 0.3.8 (Last updated: 2024-02-11)
Creation date: 2021-04-06
Risk impact: Very high risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • storage
  • <all_urls>
  • webRequest
  • webRequestBlocking
  • declarativeNetRequest
  • contextMenus
  • debugger
Size: 202.43K

Other platforms

CORS Unblock (v0.3.8)
4.16 (162) 200,000
Not available on Android
CORS Unblock (v0.3.8)
3.86 (28) 6,810
Want to check extension ranking and stats more quickly for other Edge add-ons? Install Chrome-Stats extension to view Edge-Stats data as you browse the Edge Add-on Store.

Add-on summary

This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the browser receives. You can activate the extension by pressing the action button. Also, use the right-click context menu over the action button to modify which headers the extension manipulates. You can also ask the extension not to overwrite these headers when the server returns values for them.

The default values for the headers:

Access-Control-Allow-Origin: request initiator or empty Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK Access-Control-Allow-Methods: request initiator or empty Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: request initiator or *

Additional Features:

  1. It can remove the following CSP-related headers: "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-Content-Security-Policy".

  2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does not support a method, but you want to pretend it does.

See more

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Edge Add-on Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.
Pros
  • Easy to use
  • Effective
  • Works fine
  • Savior for development work
Cons
  • Does not work with local file:// javascript
Most mentioned
  • Easy to use
  • Effective
  • Does not work with local file:// javascript
User reviews
使用方便,有效!
by SeaRat, 2024-07-29

this worked for me, but you need to click it for it work.
by bread, 2023-11-12

Does not work in the slightest. Bummer! Still have to manually disable CORS for dev work, then re-enable it. Anyone have a working plugin?
by Dave, 2022-06-05
View all user reviews

Add-on safety

Risk impact

CORS Unblock requires a lot of sensitive permissions. Exercise caution before installing.

Risk likelihood

CORS Unblock has earned a fairly good reputation and likely can be trusted.

Upgrade to see risk analysis details

Promo images

CORS Unblock marquee promo image
Marquee promo image