CrossSession Sandbox - Multi-Account & CORS Manager

About

Product Overview Tired of constantly logging in and out or struggling with CORS restrictions during development? CrossSession Sandbox is a powerful Chrome extension that allows you to manage multiple isolated browsing environments ("sandboxes") within a single browser profile. Seamlessly balance your professional accounts and development tasks with ease.

[Key Features] 

🌐 Multi-Account Sandboxing: Create unlimited isolated environments with separate cookie sessions. Access multiple accounts on the same website simultaneously without the need for numerous incognito windows.

🔄 Smart Domain Switching: The extension automatically remembers your sandbox preference for each domain. Once set, it will automatically activate the correct sandbox the next time you visit that site.

🔓 CORS Bypass for Developers: Enable "CORS Bypass" on specific sandboxes to automatically remove Cross-Origin Resource Sharing restrictions, simplifying your API testing and debugging process.

⏱️ Auto-Destruct Timer: Set expiration times for temporary sessions. The sandbox and all its associated data will be automatically deleted when the timer runs out.

✨ Modern & Intuitive UI: Manage your sessions effortlessly through a clean popup interface or quick-access context menus.

[Why You Should Install]

Instant Account Swapping: Swap logged-in accounts on any website without incognito windows.

Developer Tools: Advanced CORS bypass features specifically for development and debugging.

Privacy Centric: All settings and data are stored locally on your device under a Zero Knowledge policy.

[CORS Bypass Capabilities] 
Solved Scenarios:
● Standard CORS: Injects Access-Control-Allow-Origin: * to allow cross-origin AJAX fetches. 
● Wildcard and Credentials Conflict: Removes Access-Control-Allow-Credentials when necessary. 
● Iframe Embedding: Removes X-Frame-Options and Content-Security-Policy (frame-ancestors) headers. 
● Modern Isolation: Strips CORP, COEP, and COOP headers to bypass security mitigation blocks. 
● Private Network Access (PNA): Enables localhost access by injecting Access-Control-Allow-Private-Network: true. 
● Basic Anti-Hotlinking: Anonymizes resource requests by stripping Referer and Origin headers.

Limitations:
● Strict Server Whitelisting: Fails if a server strictly requires a valid, specific Referer. 
● Server-Side Logic: Cannot bypass IP-based blocking, OAuth tokens, or TLS fingerprinting. 
● Canvas Tainting: Internal security models may still block image data manipulation.
Changelog:
v1.0.1: Bug fixed