How to bypass CORS and CSP policies and enable cross-origin requests in a browser

In many cases a browser extension is the best solution. What is a good anti-CORS, anti-CSP extension?

Marian C.
7 min readJun 16, 2024

Every web developer has seen CORS-related errors like:

Access to fetch at '...' from origin '...' has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

There are several ways to bypass the CORS restrictions. The choice of the solution depends on the situation where the CORS-related problems are faced. In this post I discuss the instant solution — a browser extension enabling cross-origin requests.

Now when all kinds of data are available on the web, it happens that one needs to download and then process data from the backend of some web site, e.g. an online shop or official state website. JavaScript is the best choice for web scraping. It is a pleasure to use concise chained JavaScript statements and it is convenient to develop code in a browser and see intermediate data structures nicely displayed in the console.

--

--

Marian C.
Marian C.

Written by Marian C.

Java, JavaScript and SQL developer. Interested in data collection and visualization.