chrisdeely / forcecors Goto Github PK
View Code? Open in Web Editor NEWA Google Chrome extension that allows you to selectively force CORS headers to be applied to server responses
License: MIT License
forcecors's People
Contributors
Stargazers
Watchers
Forkers
nathvarun ashkyd gerst20051 caseman72 edwindvinas dongpv91 vojtatranta caesarsol sebavan vthibault uiniq zainengineer zerocry nayosx carherco nuclear-waste-storage 3p3r stantoxt catch6 leandrodaherforcecors's Issues
Chrome web store?
Hi Chris,
Thanks for you plugin. This one looks particularly interesting, as it uses whitelists. Is there a reason you havent added this to the chrome web store?
I would like to advice this to users of my web application (see http://yasgui.laurensrietveld.nl) as a workaround for some issues they may encounter.
However, I'd like to keep these workaround as easy as possible, meaning I would like to avoid the need to use developer tools
Best, Laurens
It doesn't work for me.
This is what I've given:
URL : http://localhost:3002/*
*Header: Access-Control-Allow-Origin
*Value : http://localhost:3003/
Doesn't send cookies with the request
This is a cool project!
I want to use this extension in a site, where we use authentication cookies. When I turn the extension on, it sends the request, but the Cookie header is missing, so my auth cookie not sent to the server.
If I open the URL in a separate tab, there is no problem with it, Cookie header is there.
Why doesn't Chrome DevTools show the updated response headers?
ForceCORS properly updates my response headers, but for some reason, DevTools doesn't show the new header values. Why does it show the original values instead of the modified ones? Is there a way to change that?
I added a localhost rule to insert Access-Control-Expose-Headers for a custom header. The server sends Access-Control-Expose-Headers: * (which apparently doesn't work, hence the need to override the header), which ForceCORS overwrites with my customization.
Environment
- Chrome 55
- macOS Sierra
adding a new url doesn't work the first time
- open options page
- type in new url to be modified
- click add/hit enter
Expected result: the new URL is added to the list on the right
Actual result: the input field is emptied, but the URL is not added to the list. Attempting the steps a second time works properly
auto suggest CORS headers
it would be nice to auto populate the cors headers rather than requiring the user to go find them & copy/paste
First insertion doesn't work
When I try to add an URL, it doesn't work. If I retry to add it, it works.
An example of URL that gives me this kind of behaviour is:
http://localhost:9080/*
Make settings more friendly
The settings page could be improved by using a full table. Maybe bootstable?
Errors in the console with Chromium 66.0.3359.117
Hi,
When the extension is enabled the console throw error at each request:
Here's the complete log:
ForceCORS was unable to modify headers for: https://www.google.ca/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&pgcl=1&gs_rn=42&psi=m7nqx09vx7mVfgRM&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw - net::ERR_ABORTED
Journal
ForceCORS was unable to modify headers for: https://www.google.ca/gen_204?s=webaft&atyp=csi&ei=OVzzWu6mNOeL_Qagko2QCA&rt=wsrt.551,aft.310,prt.310 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google.ca/gen_204?atyp=csi&ei=OVzzWu6mNOeL_Qagko2QCA&s=webhp&imc=2&imn=2&imp=0&adh=&conn=onchange&ima=1&ime=0&imeb=0&imeo=0&mem=ujhs.10,tjhs.10,jhsl.1136&rt=aft.310,dcl.314,iml.310,ol.1026,prt.310,xjs.940,xjsee.939,xjses.821,xjsls.348,wsrt.551,cst.43,dnst.9,rqst.153,rspt.29,sslt.43,rqstt.46,unt.8,cstt.39,dit.863&zx=1525898300618 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://adservice.google.ca/adsid/google/ui - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://cache1.value-domain.com/vd_468x60.png - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google-analytics.com/r/collect - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS&dimensions[title]=GitHub%20-%20chrisdeely%2FForceCORS%3A%20A%20Google%20Chrome%20extension%20that%20allows%20you%20to%20selectively%20force%20CORS%20headers%20to%20be%20applied%20to%20server%20responses&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898371491&dimensions[request_id]=D4CC%3A732D%3A73566%3AEA0AF%3A5AF35C80&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&measures[performance_timing]=1-97-39--1396-1351-1348-412-39-22-6---0---97-426-400-64--&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[title]=Issues%20%C2%B7%20chrisdeely%2FForceCORS%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898376903&dimensions[request_id]=D4CC%3A732D%3A73566%3AEA0AF%3A5AF35C80&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely&dimensions[title]=chrisdeely%20(Chris%20Deely)%20%C2%B7%20GitHub&dimensions[referrer]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898385937&dimensions[request_id]=D4CC%3A732D%3A73A8F%3AEAA54%3A5AF35C8E&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&&measures[performance_timing]=1-8-8--1234-1129-1127-694-8-8-8---0---15-679-667--677-676&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://www.google-analytics.com/collect - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2Fchrisdeely%2FForceCORS%2Fissues&dimensions[title]=Issues%20%C2%B7%20chrisdeely%2FForceCORS%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F66.0.3359.117%20Safari%2F537.36&dimensions[screen_resolution]=1920x1080&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1486x841&dimensions[tz_seconds]=-14400&dimensions[timestamp]=1525898416766&dimensions[request_id]=D4CC%3A732D%3A74797%3AEABB0%3A5AF35C8F&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=230378&dimensions[user_login]=chrisdeely&dimensions[repository_id]=4441417&dimensions[repository_nwo]=chrisdeely%2FForceCORS&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=4441417&dimensions[repository_network_root_nwo]=chrisdeely%2FForceCORS&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&measures[performance_timing]=1-2-2--965-891-889-262-2-2-2---0---12-251-240--250-248&&&dimensions[cid]=1288727183.1525897357 - net::ERR_BLOCKED_BY_CLIENT
Journal
ForceCORS was unable to modify headers for: https://api.github.com/_private/browser/stats - net::ERR_BLOCKED_BY_CLIENT
NOTE: I don't have added any URL to modify in the option page.
I use:
| Chromium | 66.0.3359.117 |
|---|
Regards 
HTTP_ORIGIN wild card
For
Access-Control-Allow-Origin
It would be nice to pass the current URL so if the value in the settings was:
HTTP_ORIGIN
Then you would replace that with the current url in the header ...
In my nginx.conf file I do this:
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';
Preflight requests
Hi there, first of all thanks for this nice extension.
I have some problems whitelisting non trivial cors requests that trigger cors preflights (to name it, GET with a range header).
The problem is, that the remote endpoint does not support CORS at all an responds to those OPTION requests with 501 (not implemented). I tried to dig into the web request api (https://developer.chrome.com/extensions/webRequest) but there seem to be no option to intercept onErrorOccured nor to create synthetic responses in onBeforeRequest. Before giving up, I wanted to ask If you have an idea to solve this.
hardcore the headers and url in code
unable to hardcore the url and headers in code, please help where to insert the url and header values in the code itself
Does this still work in Chrome Version 48.0.2564.97 m
My responses from a JIRA cloud instance's REST API do not have the access control header set to the value I have added into your plugin UI.
Please help, thanks.
bwb1066
Cannot add Access-Control-Allow-Origin
Env :
Version 77.0.3865.90 (Official Build) Built on Ubuntu , running on LinuxMint 18.2 (64-bit)
ForceCORS Version 1.1
Console error :
Access to XMLHttpRequest at 'https://sso.api.staging-aws.centiva.ca/api/v1/users/login' from origin 'http://connexion.centiva.local' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Settings :
https://sso.api.staging-aws.centiva.ca/*
Is there anything I am doing wrong ?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.