chrisdeely / forcecors Goto Github PK
View Code? Open in Web Editor NEWA Google Chrome extension that allows you to selectively force CORS headers to be applied to server responses
License: MIT License
A Google Chrome extension that allows you to selectively force CORS headers to be applied to server responses
License: MIT License
Hi Chris,
Thanks for you plugin. This one looks particularly interesting, as it uses whitelists. Is there a reason you havent added this to the chrome web store?
I would like to advice this to users of my web application (see http://yasgui.laurensrietveld.nl) as a workaround for some issues they may encounter.
However, I'd like to keep these workaround as easy as possible, meaning I would like to avoid the need to use developer tools
Best, Laurens
This is what I've given:
URL : http://localhost:3002/*
*Header: Access-Control-Allow-Origin
*Value : http://localhost:3003/
This is a cool project!
I want to use this extension in a site, where we use authentication cookies. When I turn the extension on, it sends the request, but the Cookie header is missing, so my auth cookie not sent to the server.
If I open the URL in a separate tab, there is no problem with it, Cookie header is there.
ForceCORS properly updates my response headers, but for some reason, DevTools doesn't show the new header values. Why does it show the original values instead of the modified ones? Is there a way to change that?
I added a localhost rule to insert Access-Control-Expose-Headers
for a custom header. The server sends Access-Control-Expose-Headers: *
(which apparently doesn't work, hence the need to override the header), which ForceCORS overwrites with my customization.
Expected result: the new URL is added to the list on the right
Actual result: the input field is emptied, but the URL is not added to the list. Attempting the steps a second time works properly
it would be nice to auto populate the cors headers rather than requiring the user to go find them & copy/paste
When I try to add an URL, it doesn't work. If I retry to add it, it works.
An example of URL that gives me this kind of behaviour is:
http://localhost:9080/*
The settings page could be improved by using a full table. Maybe bootstable?
Hi,
When the extension is enabled the console throw error at each request:
Here's the complete log:
ForceCORS was unable to modify headers for: https://www.google.ca/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&pgcl=1&gs_rn=42&psi=m7nqx09vx7mVfgRM&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw - net::ERR_ABORTED
Journal
ForceCORS was unable to modify headers for: https://www.google.ca/gen_204?s=webaft&atyp=csi&ei=OVzzWu6mNOeL_Qagko2QCA&rt=wsrt.551,aft.310,prt.310 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google.ca/gen_204?atyp=csi&ei=OVzzWu6mNOeL_Qagko2QCA&s=webhp&imc=2&imn=2&imp=0&adh=&conn=onchange&ima=1&ime=0&imeb=0&imeo=0&mem=ujhs.10,tjhs.10,jhsl.1136&rt=aft.310,dcl.314,iml.310,ol.1026,prt.310,xjs.940,xjsee.939,xjses.821,xjsls.348,wsrt.551,cst.43,dnst.9,rqst.153,rspt.29,sslt.43,rqstt.46,unt.8,cstt.39,dit.863&zx=1525898300618 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://adservice.google.ca/adsid/google/ui - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://cache1.value-domain.com/vd_468x60.png - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google-analytics.com/r/collect - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS&dimensions[title]=GitHub%20-%20chrisdeely%2FForceCORS%3A%20A%20Google%20Chrome%20extension%20that%20allows%20you%20to%20selectively%20force%20CORS%20headers%20to%20be%20applied%20to%20server%20responses&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898371491&dimensions[request_id]=D4CC%3A732D%3A73566%3AEA0AF%3A5AF35C80&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&measures[performance_timing]=1-97-39--1396-1351-1348-412-39-22-6---0---97-426-400-64--&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[title]=Issues%20%C2%B7%20chrisdeely%2FForceCORS%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898376903&dimensions[request_id]=D4CC%3A732D%3A73566%3AEA0AF%3A5AF35C80&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely&dimensions[title]=chrisdeely%20(Chris%20Deely)%20%C2%B7%20GitHub&dimensions[referrer]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898385937&dimensions[request_id]=D4CC%3A732D%3A73A8F%3AEAA54%3A5AF35C8E&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&&measures[performance_timing]=1-8-8--1234-1129-1127-694-8-8-8---0---15-679-667--677-676&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google-analytics.com/collect - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[title]=Issues%20%C2%B7%20chrisdeely%2FForceCORS%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898416766&dimensions[request_id]=D4CC%3A732D%3A74797%3AEABB0%3A5AF35C8F&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&measures[performance_timing]=1-2-2--965-891-889-262-2-2-2---0---12-251-240--250-248&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://api.github.com/_private/browser/stats - net::ERR_BLOCKED_BY_CLIENT
NOTE: I don't have added any URL to modify in the option page.
I use:
Chromium | 66.0.3359.117 |
---|
Regards
For
Access-Control-Allow-Origin
It would be nice to pass the current URL so if the value in the settings was:
HTTP_ORIGIN
Then you would replace that with the current url in the header ...
In my nginx.conf file I do this:
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
Hi there, first of all thanks for this nice extension.
I have some problems whitelisting non trivial cors requests that trigger cors preflights (to name it, GET with a range
header).
The problem is, that the remote endpoint does not support CORS at all an responds to those OPTION requests with 501 (not implemented). I tried to dig into the web request api (https://developer.chrome.com/extensions/webRequest) but there seem to be no option to intercept onErrorOccured
nor to create synthetic responses in onBeforeRequest
. Before giving up, I wanted to ask If you have an idea to solve this.
unable to hardcore the url and headers in code, please help where to insert the url and header values in the code itself
My responses from a JIRA cloud instance's REST API do not have the access control header set to the value I have added into your plugin UI.
Please help, thanks.
bwb1066
Env :
Version 77.0.3865.90 (Official Build) Built on Ubuntu , running on LinuxMint 18.2 (64-bit)
ForceCORS Version 1.1
Console error :
Access to XMLHttpRequest at 'https://sso.api.staging-aws.centiva.ca/api/v1/users/login' from origin 'http://connexion.centiva.local' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
https://sso.api.staging-aws.centiva.ca/*
Is there anything I am doing wrong ?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.