ForceCORS is a Google Chrome extension which allows you to selectively apply CORS Headers to any web server responses you choose. This is extremely helpful when developing a web application that makes Ajax/XHR requests.
The extension requires you to specify the domains that you wish to monitor and allows you to explicitly define the headers to be added. This is preferable to completely disabling XHR security in your browser, which is a big security hole.
***Regarding Permissions***
In order to allow you to append headers to ANY arbitrary location, this extension requires access to intercept ANY web request. However, by default the extension does NOT monitor any web traffic. Only URLs you specifically whitelist will be read by the extension, and only headers that YOU specify will be appended.
Note: Headers added by this extension will not appear in the DevTools “Network” panel due to a known Chrome bug: https://code.google.com/p/chromium/issues/detail?id=258064
This extension is open source under the MIT License and can be found on GitHub: https://github.com/chrisdeely/ForceCORS
Very useful extension, thanks! Own settings for specific url patterns are great, and all works fine.
This extension made my developer’s life MUCH easier. The competing extensions worked OK on some points but failed at customizability (e.g. setting Access-Control-Allow-Origin to a non-default value).
Doesn’t work. No instructions. No explanation. Entering items does nothing. Links to docs are broken. Don’t know what to say. Tried it three times now.
Works nicely. Very useful that you can set the Access-Control-Allow-Origin header to something other than * – so it can be used in conjunction with withCredentials true!
The other reviews are correct. This extension is no longer functional.
Doesn’t work and its a waste of time since there are no notes about the fact that it just doesn’t work with the latest Chrome.
Doesn’t work in latest Chrome
Great! Instead forcing CORS for all URLs, this tool allows for better configurability, and only enable CORS for -some- URLs