CORS Workaround Guide - Rate Limit Checker
THE CORS PROBLEM
Rate Limit Checker runs entirely in the browser (client-side). When testing APIs from different domains, the browser will block requests if the API doesn't have appropriate CORS headers.
Access to fetch at 'https://api.example.com/endpoint' from origin 'https://utilbox.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
SOLUTIONS
Solution 1: Browser Extension (Recommended - Easiest)
Install a CORS extension to bypass CORS for utilbox.org
Chrome/Edge:
- Install extension: "CORS Unblock" or "Allow CORS: Access-Control-Allow-Origin"
- Enable extension
- Add https://utilbox.org to whitelist (if option available)
- Refresh page and test again
Firefox:
- Install extension: "CORS Everywhere"
- Enable extension
- Refresh page
- Only enable when testing, disable when not in use (security risk)
- This method works with any API, no configuration needed
Solution 2: Chrome Flags (Development Only)
For development/testing only, DO NOT use for production browsing
Windows:
# Close Chrome completely first
# Open Chrome with flags:
chrome.exe --user-data-dir="C:/temp/chrome-dev" --disable-web-security --disable-features=IsolateOrigins,site-per-process
macOS:
# Close Chrome completely first
open -na Google\ Chrome --args --user-data-dir=/tmp/chrome-dev --disable-web-security --disable-features=IsolateOrigins,site-per-process
Linux:
google-chrome --user-data-dir=/tmp/chrome-dev --disable-web-security --disable-features=IsolateOrigins,site-per-process
- DO NOT use your main profile - create a separate profile (--user-data-dir)
- Only use for testing, close immediately after use
- Works with any API
Solution 3: Test APIs with CORS Enabled
Only test APIs that have CORS enabled
APIs that typically have CORS:
- Public APIs (JSONPlaceholder, httpbin.org)
- APIs with CORS headers: Access-Control-Allow-Origin: *
- Your own APIs (can configure CORS)
Test with httpbin.org:
URL: https://httpbin.org/status/429
Method: GET
This API has CORS enabled, perfect for testing rate limiting.
Solution 4: Local Proxy Server (Advanced)
Create a local proxy server to forward requests
Option A: Simple Node.js Proxy
// proxy-server.js
const express = require('express');
const { createProxyMiddleware } = require('http-proxy-middleware');
const cors = require('cors');
const app = express();
// Add CORS headers to every response (the cors() default allows any origin)
app.use(cors());
// Forward /api/* to the target API, stripping the /api prefix
app.use('/api', createProxyMiddleware({
  target: 'https://api.example.com',
  changeOrigin: true,
  pathRewrite: { '^/api': '' },
}));
app.listen(3001, () => console.log('Proxy running on http://localhost:3001'));
Usage:
- Test with: http://localhost:3001/api/endpoint
- Proxy will forward to https://api.example.com/endpoint
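A hardened variant of the Option A proxy, added here as an example and not part of the original guide or of Utilbox's code: it uses only Node's built-in modules, binds to loopback, answers only the https://utilbox.org origin, and forwards only to the one configured upstream. The `--listen` flag, the file name `safe-proxy.js` and the exposed `X-RateLimit-*` header names are assumptions of this example.

```javascript
// Added example: loopback-only CORS proxy for one page origin and one upstream.
const http = require('node:http');
const https = require('node:https');

const ALLOWED_ORIGIN = 'https://utilbox.org'; // origin shown in the CORS error above
const UPSTREAM = 'https://api.example.com';   // placeholder target from the guide
const PREFIX = '/api';

// CORS headers for the single trusted origin; any other origin gets none.
function corsHeaders(origin) {
  if (origin !== ALLOWED_ORIGIN) return {};
  return {
    'access-control-allow-origin': ALLOWED_ORIGIN,
    'access-control-allow-methods': 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
    'access-control-allow-headers': 'Authorization, Content-Type',
    // Assumed header names; unless exposed, the page's script cannot read them.
    'access-control-expose-headers': 'Retry-After, X-RateLimit-Remaining, X-RateLimit-Reset',
    vary: 'Origin',
  };
}

// Map "/api/endpoint" onto the fixed upstream; null if the path is outside the
// prefix or would resolve to another host (e.g. "/api//other.test/").
function upstreamUrl(reqUrl) {
  if (!reqUrl.startsWith(PREFIX)) return null;
  const rest = reqUrl.slice(PREFIX.length); // expected: "", "/..." or "?..."
  if (rest !== '' && rest[0] !== '/' && rest[0] !== '?') return null;
  let url;
  try { url = new URL(rest || '/', UPSTREAM); } catch { return null; }
  return url.origin === UPSTREAM ? url.href : null;
}

function createProxy() {
  return http.createServer((req, res) => {
    const cors = corsHeaders(req.headers.origin);
    const target = upstreamUrl(req.url);
    if (!cors['access-control-allow-origin'] || !target) return res.writeHead(403).end();
    if (req.method === 'OPTIONS') return res.writeHead(204, cors).end(); // preflight
    // Drop browser state the upstream should not see; Host is set from the URL.
    const { host, cookie, origin, referer, ...headers } = req.headers;
    const up = https.request(target, { method: req.method, headers }, (upRes) => {
      res.writeHead(upRes.statusCode, { ...upRes.headers, ...cors });
      upRes.pipe(res);
    });
    up.on('error', () => { if (!res.headersSent) res.writeHead(502, cors); res.end(); });
    req.pipe(up);
  });
}

// Start with: node safe-proxy.js --listen   (flag name is this example's own)
if (process.argv.includes('--listen')) createProxy().listen(3001, '127.0.0.1');
```

Requests without an `Origin: https://utilbox.org` header, including direct curl calls, receive 403, so the proxy is usable only from the tool's page.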
Option B: ngrok (Public Tunnel)
# Install ngrok
npm install -g ngrok
# Start local proxy
ngrok http 3001
# Use ngrok URL: https://abc123.ngrok.io/api/endpoint
Solution 5: Test Localhost APIs
Test APIs running on localhost (no CORS restrictions)
If you're developing a local API:
URL: http://localhost:3000/api/endpoint
Method: GET
Localhost requests are not blocked by CORS.
RECOMMENDATIONS
For Developers:
- Browser Extension (Solution 1) - Easiest and fastest
- Test with httpbin.org (Solution 3) - If you only need to test functionality
For Testing Production APIs:
- Browser Extension - Quick solution
- Local Proxy (Solution 4) - If you need to test multiple APIs
For Development:
- Chrome Flags (Solution 2) - If only testing locally
- Localhost APIs (Solution 5) - Best for development
⚠️ SECURITY NOTES
Browser Extensions:
- ⚠️ Only enable when testing
- ⚠️ Disable extension after use
- ⚠️ Do not use for regular browsing
Chrome Flags:
- ⚠️ DO NOT use your main profile
- ⚠️ Close Chrome with flags immediately after testing
- ⚠️ Do not use for production browsing
Proxy Servers:
- Safer (only forwards requests)
- ⚠️ Need to trust the proxy server
- Can log/audit requests
FUTURE
Planned Solutions (When we have high volume):
- Backend Proxy API (/api/proxy)
  - Utilbox server forwards requests
  - Completely resolves CORS
  - Requires rate limiting to prevent abuse
- Offline Desktop Tool (Paid)
  - Electron app
  - Test localhost APIs
  - No CORS restrictions
  - Advanced features
FAQ
Q: Why is there no built-in proxy?
A: Proxy servers incur bandwidth costs and risk IP bans. We'll implement this when we have high volume.
Q: Are extensions safe?
A: Only use when testing, disable immediately after use. Do not use for regular browsing.
Q: Is there a way to test without an extension?
A: Yes, test with APIs that have CORS enabled (httpbin.org) or localhost APIs.
Q: When will the offline tool be available?
A: It's on our roadmap; we'll release it when we have sufficient resources and demand.