[Solved-6 Solutions] Disable same origin policy in Chrome - javascript tutorial


How to disable same origin policy in Chrome ?

Solution 1:

This script is tested under Python3.6.

#!/user/bin/env python3

import platform
import subprocess

current_os = platform.system()

print("Trying to launch Chrome on {0} with the Same-Origin policy disabled...".format(current_os))

if current_os == "Darwin":
    cmd = 'open -a /Applications/Google\ Chrome.app --args --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
elif current_os == "Windows":
    cmd = '"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir="C:\chrome_temp"'
elif current_os == "Linux":
    cmd = 'google-chrome --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
    cmd = 'echo "Unsupported OS."'

subprocess.run(cmd, shell=True)

Solution 2:

chromium-browser --disable-web-security --user-data-dir

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

From the chromium source:

// Don't enforce the same-origin policy. (Used by people testing their sites.)
const wchar_t kDisableWebSecurity[] = L"disable-web-security";

Solution 3:

For OSX, open Terminal and run:

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir

--user-data-dir required on Chrome 49+ on OSX For Linux run:

$ google-chrome --disable-web-security

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.


For Windows go into the command prompt and go into the folder where Chrome.exe is and type

chrome.exe --disable-web-security

Solution 4:

For Windows, Create a Chrome shortcut on your desktop.

Right-click > properties > Shortcut

Edit "target" path :

"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security

Solution 5:

  • The --disable-web-security is no longer supported in recent chrome versions.
  • Allow-Control-Allow-Origin: * - chrome extension partially solved the problem. It works only if your request is using GET method and there's no custom HTTP Header. Otherwise, chrome will send OPTIONS http request as pre-flight request. If the server doesn't support CORS, it will response with 404 HTTP status code. The plugin can't modify the response HTTP status code. So chrome will reject this request. There's no way for chrome plugin to modify the response HTTP status code based on current chrome extension API. You can't do a redirect as well for XHR initiated request.
  • Not sure why Chrome makes developers life so difficult. It blocks all the possible ways to disable XSS security check even for development use which is totally un-necessary.
  • To use corsproxy. We have two options:
    1. Use corsproxy.com
    2. Install corsproxy in local : npm install -g corsproxy

Solution 6:

For Windows:

  • Open the start menu
  • Type windows+R or open "Run"

Execute the following command:

chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

For Mac:

open /Applications/Google\ Chrome.app --args --user-data-dir="/var/tmp/Chrome dev session”

Related Searches to Disable same origin policy in Chrome - javascript tutorial