CORS Everywhere — spenibus

Repositories
GitHub
GitLab

This is a firefox addon that allows the user to enable CORS everywhere by altering http responses.

Note

• It is important to understand that this addon does not actually disable any kind of security within Firefox.
  It merely alters http requests to make the browser believe the server has answered favorably.
  This means the http requests have to be valid and follow the CORS rules.
• This addon is now a WebExtension.
• Android is untested therefore not officially supported.
  Android platform support #15
• In Firefox 74.0, the addon can not operate on local files (using the file:/// protocol). This is apparently fixed in 75.0.
  Firefox 74.0 #32

Usage

The addon's functionality can be toggled with the included button and is disabled by default. The button can be found by right-clicking a toolbar and choosing customize. It is labelled CorsE and has 3 states:

• red, addon is disabled, CORS rules are upheld.
• green, addon is enabled, CORS rules are bypassed.
• green/red, addon is enabled and using the activation whitelist, CORS rules are bypassed when the origin url matches a filter in the whitelist.

A basic CORS test is available in the repository at ./_test/cors-everywhere-test.html.

Intended for developers. Use at your own risk.

Options

Available in about:addons.

• Enabled at startup Enables this addon on startup.
• Force value of "access-control-allow-origin" Self explanatory.
• Activation whitelist When the addon is enabled, this will check the origin url against the whitelist to decide if headers will be modified. Uses regular expressions.

FAQ

The addon is enabled but the requests return content as if no user was logged in the target domain. Try using withCredentials.