Reviews & Comments of Disable Content-Security-Policy chrome extension

I tried other CORS stuff, but this one seems to do Content Security Policies (CSPs) and avoid Cross-Origin Resource Sharing (CORS) errors in Chrome.

It does not work on a website which adds CSP using HTML meta tag.

There is a small issue - the CSP setting does not remain set. I need to toggle it again and reload the page if I want to see it working. It used to remember its state before.

works like a charm!

Works good

Works perfectly. Thank you very much!

Don't work

Doesn't work, or no longer works.

I observed the following bug: If a website sends a Content-Security-Policy for one request, and then stops sending it for follow-up requests, Chromium still acts as if the old Content-Security-Policy is in effect. This happens if the extension is merely loaded in the browser (not activated by its button). Made me tear my hair out for a bit :)

Doesn't work with latest Chrome

Sadly did not work with latest google chrome, on 302 redirects where csp has been set to ultra hard bad mode.

Doesn't appear to work. There's a work site I'm having trouble with due to a CSP issue. This extension has no effect in disabling those policies; they still appear in the Chrome console and disable the site.

Doesn't work on latest Chromium.

Failed to eliminate CSP policy 'worker-src: none' restriction.

This doesn't work in Chrome 87. It may have at somepoint in the past, but not now :-(

I would like that whitelisting would be enabled! (I only want this for single domain) UPDATE: it stopped working for me in late 2020 :(

Solves the problem. It won’t automatically activate which is a plus on security.

Saved my life, great for development testing.

Doesn't work. I tried this on JIRA Tempo TImesheets and didn't work. CSP from app.tempo.io as still blocked.

Don't know if it's just me, but it seems it stopped working recently... It was working perfectly before.

It doesn't work anymore on Chrome 80.0.3983.2. It shows "Provisional headers are shown" for external network call.

Thanks for uploading this! Simple. Does what it says. Registers a webRequest.onHeadersReceived listeners to clear the value of the CSP header. Exactly what I needed for development.

Working great for my office web.

牛逼！

Works! You have to click the button to activate it. I wish it had more options, like turn on, on a tab by tab basis, on a domain by domain basis, or just globally. currently only turns on/off globally, for all domains and tabs.

Working fine in April/2019. Had issues while logging into an account. It says I have to verify captcha, but didn't show me anything to click on, it was a blank field. So I jumped on google, found this extension, was little worried if it's scam and not doing what it's should do but wow! that's why I wrote this review. Super happy. I installed it, gave it a try. Had to click on its symbol in the plugin toolbar next to the url field. Refreshed the tap and there we go! Super happy, big thanks!

It works fine for importing custom JS (Custom Javascript for Websites 2 is limited to 10KB script sizes so importing from a local server is often a requirement). Also, YOU NEED TO CLICK ON THE EXTENSION TO ENABLE. It's not on by default and I thought it wasn't working -_-

Doesn't work at all....

Intermittent success when using this extension but was a life saver for enabling me to pull data from a 3rd-party URL via a bookmarklet.

Did not find better way to bypass CSP set by HTML publisher in Jenkins.

Didn't work for me (Cordova)

it doesn't work

Great plugin, saved my day, using for Rapportive

Recently I had a problem with loading information of a plugin and this plugin instantly fixed that problem!

Useful widget for testing. Would like to see a more in your face icon or a tab specific/whitelist feature, so it's only enabled on localhost or certain tabs. (Leaving it enabled is not a good thing!)

Useful for a problem with reading robot framework logs in browser.

works for me

Did what it says - and saved the day for me!

Does what it says in the title.