CORS Control in JetBrains Chrome Extension

Vladimir Krivosheev

XMLHttpRequest cannot load http://youtrack.jetbrains.com/rest/user/login. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.

Are you tired to fight it? Don’t want to wait until the system administrators configure the server properly? Don’t want to waste your time setting up a proxy server?

Forget about it.  JetBrains IDE Support (Google Chrome extension) allows you to avoid such errors in one simple step since version 0.9.2. Just open the extension options and add the URL of the resource to “Force CORS” list.

  1. Open chrome://extensions/
  2. Scroll down to JetBrains IDE Support section, click Options

Or

  1. Right click on JetBrains IDE Support browser icon, select Options

You can add a pattern http://*/*, but it is not recommended for security reasons (performance impact is very minimal in any case).

The setting will be active all the time, not only when the JavaScript debugger or LiveEdit is connected to Chrome.

Comments below can no longer be edited.

25 Responses to CORS Control in JetBrains Chrome Extension

  1. Strajk says:

    August 23, 2014

    It’s useful, but IMHO would be more appropriate to create another extension for this… It has nothing to do with JetBrains IDE Support

    > Write programs that do one thing and do it well.

  2. Will says:

    November 4, 2015

    If you ever end up with this error, The ‘Access-Control-Allow-Origin’ header contains multiple values, disable to plug-in to see if you are accidentally shooting yourself in the foot.

  3. Daniel says:

    August 3, 2016

    This is very helpful. I was looking for the past 2 hours how to add cross domain headers and this is a good temporary solution. Thanks

  4. Shantanu says:

    December 21, 2016

    Thanks a lot!! saved my day !!

  5. Trisha Bonnette says:

    May 1, 2017

    Why did this become an issue in the new Webstorm version. It seems I never had this problem before and nothing fixes it except maybe using a node or other server which would be crap.

    • Ekaterina Prigara says:

      May 2, 2017

      Hello Trisha,
      can you please provide a bit more details on the issue you’re having?
      What WebStorm version do you use? Do you see this specific error about “Access-Control-Allow-Origin”?

  6. Trisha Bonnette says:

    May 1, 2017

    Its useless and rather frustrating… tried all combinations

  7. Maximilian Berkmann says:

    November 6, 2017

    Not helpful at all on Chrome and there’s no extensions like that for Opera.

    • lena_spb says:

      November 6, 2017

      Please can you elaborate on this? what problems using CORs with Chrome have you faced? What Webstorm version do you use?

  8. koen cornelis says:

    March 30, 2018

    Why not allow the webstorm user to set headers he/she needs?

    • Ekaterina Prigara says:

      April 4, 2018

      The built-in server that we have in the IDE is very simple and it mostly targets only one use case – previewing the HTML pages and very simple apps with zero configuration. At the moment we don’t have any plans to make it more customizable.

  9. Bob Ray says:

    July 17, 2018

    “No ‘Access-Control-Allow-Origin’

    I had this trouble with an Ajax request in a test file I was using. It happened because the “View in Browser” function in PhpStorm used a different port than the default port.

    I found two solutions:

    1. View in Browser and note the port number. Add that port number to the URL for the Ajax request.

    2. View the test file in your browser, outside of PhpStorm.

  10. Ajit says:

    August 5, 2019

    Extention stopped working after I upgraded my chrome browser.
    Under Options->”whitespace- or comma-separated”, “Apply” buttons does not save patterns. Seems to be broken.

    • Ekaterina Prigara says:

      August 5, 2019

      Hello, we haven’t need actively maintaining the JetBrains IDE Support Chrome extension because it is no longer required for debugging apps with WebStorm in Chrome and we are considering deprecating it completely.
      Can you please let us know how do you use the extension? Do you debug apps from WebStorm? Do you use the IDE’s built-in server? Thanks!

      • Ajit says:

        August 6, 2019

        Thanks for the reply. we are using IDE’s built-in Server along with javascript debugger. We need to set “Access-Control-Allow-Origin” header some http patterns. Jetbrain Chrome extension was working before I upgraded my browser. We do not want to use chrome’s javascript debugger. Please do let us know any other option to work this around.

        Thanks

        • Ekaterina Prigara says:

          August 14, 2019

          Sorry for the delayed reply. After some investigation, we have found out that This is A result of the new Chrome’s security policy that disallows Cross-Origin Requests in the extensions: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches
          We have a feature request about allowing to configure a Access-Control-Allow-Origin header in the WebStorm’s built-in web server: https://youtrack.jetbrains.com/issue/WEB-34525 Please vote for it and follow it for the updates.
          As a workaround, you can disable security in the browser by passing a `–disable-web-security` flag to it.
          WebStorm by default starts debugging your apps in a new instance of Chrome without using an additional extension, so you can pass the flag only to that new instance: go to the IDE Preferences | Tools | Web Browsers – select on Chrome and then click on the Edit icon; add –disable-web-security to the Command Line Options field.
          If you have previously enabled the option Use Chrome Extension in Preferences | Build, Execution, Deployment | Debugger | Live Edit, please disable it.
          Hope it helps!

          • Lucio Paiva says:

            November 3, 2019

            Thanks, Ekaterina! Your solution worked for me, but I also had to first close my running Chrome instance. Also, passing only `–disable-web-security` was not enough; I also had to select the option “Use custom user data directory” (the default value provided by Webstorm worked fine for me: `/Users/myuser/Library/Preferences/WebStorm2019.2/chrome-user-data`). macOS Catalina (10.15) here, running Webstorm 2019.2.3 Build #WS-192.6817.13.

            • Ekaterina Prigara says:

              November 4, 2019

              Thanks for giving it a try and sharing the additional steps!

  11. Ajit says:

    August 5, 2019

    Chrome version that I am using is Version 76.0.3809.87 (Official Build) (64-bit)

  12. Ajit says:

    August 6, 2019

    Thanks for the reply. we are using IDE’s built-in Server along with javascript debugger. We need to set “Access-Control-Allow-Origin” header some http patterns. Jetbrain Chrome extension was working before I upgraded my browser. We do not want to use chrome’s javascript debugger. Please do let us know any other option to work this around.

    Thanks

  13. Dennis Megarry says:

    August 9, 2019

    Guess I am not the only one! Been struggling with this all day and I see JetBrains has not responded.. ugh

    Happy “No Work” Friday people!

    • Ekaterina Prigara says:

      August 13, 2019

      I’m sorry that I haven’t replied promptly. In the future, if you have problems with the product, please contact product technical support or file a new issue on our tracker – I try my best to help users in the blog comment, but it’s not the main support channel. Thanks for understanding!

    • Ekaterina Prigara says:

      August 14, 2019

      After some investigation, we have found out that This is A result of the new Chrome’s security policy that disallows Cross-Origin Requests in the extensions: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches
      We have a feature request about allowing to configure a Access-Control-Allow-Origin header in the WebStorm’s built-in web server: https://youtrack.jetbrains.com/issue/WEB-34525 Please vote for it and follow it for the updates.
      As a workaround, you can disable security in the browser by passing a `–disable-web-security` flag to it.
      WebStorm by default starts debugging your apps in a new instance of Chrome without using an additional extension, so you can pass the flag only to that new instance: go to the IDE Preferences | Tools | Web Browsers – select on Chrome and then click on the Edit icon; add –disable-web-security to the Command Line Options field.
      If you have previously enabled the option Use Chrome Extension in Preferences | Build, Execution, Deployment | Debugger | Live Edit, please disable it.
      Hope it helps!

      • Cyb3rh4ck says:

        February 12, 2020

        Thank’s, it worked for me!!

  14. Jamie Milne says:

    April 8, 2020

    Worked for me too!

    I am using PyCharm:
    File -> Settings -> Tools -> Web Browsers -> Highlight Chrome -> Edit
    Command Line Entry:
    –disable-web-security

    Close Chrome -> Pycharm -> run -> debug -> opens in chrome and now shows Bootstrap .css ,

    Thanks!