Scribd Logo
Upload

Welcome to Scribd!

  • No More CORS

    Uploaded by

    Mariana Madeleyne Valencia Céspedes
    16 views1 page
    This extension allows cross-origin requests by modifying CORS headers for all browser requests. You can activate it by pressing the action button or using the context menu. It overrides the CORS headers and allows all methods by default, but allows configuring which headers to modify or respect server values. Additional features include removing CSP headers and overriding server 4xx errors.

    Original Description:

    Original Title

    No more CORS

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This extension allows cross-origin requests by modifying CORS headers for all browser requests. You can activate it by pressing the action button or using the context menu. It overrides the CORS headers and allows all methods by default, but allows configuring which headers to modify or respect server values. Additional features include removing CSP headers and overriding server 4xx errors.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    16 views1 page

    No More CORS

    Uploaded by

    Mariana Madeleyne Valencia Céspedes
    This extension allows cross-origin requests by modifying CORS headers for all browser requests. You can activate it by pressing the action button or using the context menu. It overrides the CORS headers and allows all methods by default, but allows configuring which headers to modify or respect server values. Additional features include removing CSP headers and overriding server 4xx errors.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 1

    SUMMARY

    This extension bypasses the "XMLHttpRequest" and "fetch" rejections by altering the "Access-
    Control-Allow-Origin" and "Access-Control-Allow-Methods" headers for every request that the
    browser receives. You can activate the extension by pressing the action button. Also, use the right-
    click context menu over the action button to modify which headers the extension manipulates. You
    can also ask the extension not to overwrite these headers when the server returns values for them.

    The default values for the headers:

    Access-Control-Allow-Origin: request initiator or empty


    Access-Control-Allow-Methods": GET, PUT, POST, DELETE, HEAD, OPTIONS, PATCH,
    PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK
    Access-Control-Allow-Methods: request initiator or empty
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: request initiator or *

    Additional Features:
    1. It can remove the following CSP-related headers:
    "Content-Security-Policy", "Content-Security-Policy-Report-Only", "X-WebKit-CSP" and "X-
    Content-Security-Policy".

    2. It can overwrite the returned 4xx status code from the server. Use this feature when a server does
    not support a method, but you want to pretend it does.

    You might also like