CORS Helper

About

CORS Helper - Developer Tool for Local Testing

⚠️ FOR DEVELOPERS ONLY - This tool bypasses browser security. Use only during development!

🎯 WHAT IT DOES
Bypass CORS (Cross-Origin Resource Sharing) restrictions when testing local applications. Perfect for frontend developers working with APIs on different ports or domains.

✨ KEY FEATURES

Smart Profile System
• Create multiple profiles for different projects
• Domain allowlist per profile
• Quick switch between configurations
• Import/export profiles as JSON

Privacy-First Design
• Debug logging OFF by default
• No tracking or analytics
• No external servers
• All data stored locally
• You control what gets logged

Auto-Off Timer
• 10 minutes, 30 minutes, 2 hours, or infinite
• Countdown badge shows remaining time
• Global mode defaults to 10-min timer for safety
• Never leave CORS accidentally disabled

Domain Management
• Allowlist mode: Only specified domains (recommended)
• Global mode: All domains (use with caution)
• Right-click context menu: "Allow this domain"
• "Allow Active Tab" button for instant access
• Preset buttons for common localhost ports

Debug Logging (Optional)
• Track which requests are modified
• View HTTP status codes and methods
• Preflight failure detection with helpful hints
• Logs capped at 60 entries, stored locally only

Built-In Test Console
• Test API endpoints directly from options page
• Supports GET, POST, PUT, PATCH, DELETE
• Add custom headers to trigger preflight
• View all CORS headers in response
• JSON formatting and error troubleshooting

🎨 USER EXPERIENCE
• Dynamic icons for different modes (off/allowlist/global)
• Keyboard shortcuts for quick actions
• Dark mode support
• Clean, modern interface
• Onboarding wizard for first-time users
• Real-time countdown badge

🔒 SECURITY & PRIVACY
✓ Manifest V3 compliant
✓ No external API calls
✓ No tracking or analytics
✓ Open source code
✓ Data never leaves your browser
✓ Debug logging OFF by default
✓ Clear privacy policy

📋 COMMON USE CASES
1. Test React/Vue/Angular apps with backend APIs on different ports
2. Connect microservices running locally on different ports
3. Test third-party APIs without CORS restrictions
4. Develop Chrome extensions with cross-origin requests
5. Connect local dev server to mobile test devices

⚙️ HOW IT WORKS
Uses Chrome's declarativeNetRequest API to modify response headers:
• Access-Control-Allow-Origin: *
• Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
• Access-Control-Allow-Headers: *
• Access-Control-Expose-Headers: *
• Access-Control-Allow-Credentials: true

🛡️ SAFETY FEATURES
• Auto-off timer prevents leaving CORS disabled
• Visual indicators show current state
• Confirmation dialogs prevent accidents
• Allowlist mode more secure than global
• Per-profile isolation

💡 BEST PRACTICES
• Use Allowlist mode for better security
• Enable Auto-off timer when using Global mode
• Turn on Debug logging only when troubleshooting
• Create separate profiles for different projects
• Disable when not actively testing

⚠️ IMPORTANT DISCLAIMER
FOR DEVELOPMENT USE ONLY. Disabling CORS removes an important browser security feature. Only use during local development on domains you control. Always disable when browsing normally.

🏆 WHY CORS HELPER?
✓ Privacy-focused (no tracking)
✓ Modern Manifest V3
✓ Advanced features (profiles, timer, logging)
✓ Active development
✓ Clean, intuitive UI
✓ Comprehensive documentation

Happy coding! 🎉