[Solved-6 Solutions] Disable same origin policy in Chrome - javascript tutorial
Problem:
How to disable same origin policy in Chrome ?
Solution 1:
This script is tested under Python3.6.
#!/user/bin/env python3
import platform
import subprocess
current_os = platform.system()
print("Trying to launch Chrome on {0} with the Same-Origin policy disabled...".format(current_os))
if current_os == "Darwin":
cmd = 'open -a /Applications/Google\ Chrome.app --args --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
elif current_os == "Windows":
cmd = '"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir="C:\chrome_temp"'
elif current_os == "Linux":
cmd = 'google-chrome --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
else:
cmd = 'echo "Unsupported OS."'
subprocess.run(cmd, shell=True)
Solution 2:
chromium-browser --disable-web-security --user-data-dirThe browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.
From the chromium source:
// Don't enforce the same-origin policy. (Used by people testing their sites.)
const wchar_t kDisableWebSecurity[] = L"disable-web-security";Solution 3:
For OSX, open Terminal and run:
$ open -a Google\ Chrome --args --disable-web-security --user-data-dir
--user-data-dir required on Chrome 49+ on OSX For Linux run:
$ google-chrome --disable-web-securityAlso if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.
-–allow-file-access-from-filesFor Windows go into the command prompt and go into the folder where Chrome.exe is and type
chrome.exe --disable-web-securitySolution 4:
For Windows, Create a Chrome shortcut on your desktop.
Right-click > properties > Shortcut
Edit "target" path :
"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-securitySolution 5:
- The --disable-web-security is no longer supported in recent chrome versions.
- Allow-Control-Allow-Origin: * - chrome extension partially solved the problem. It works only if your request is using GET method and there's no custom HTTP Header. Otherwise, chrome will send OPTIONS http request as pre-flight request. If the server doesn't support CORS, it will response with 404 HTTP status code. The plugin can't modify the response HTTP status code. So chrome will reject this request. There's no way for chrome plugin to modify the response HTTP status code based on current chrome extension API. You can't do a redirect as well for XHR initiated request.
- Not sure why Chrome makes developers life so difficult. It blocks all the possible ways to disable XSS security check even for development use which is totally un-necessary.
- To use corsproxy. We have two options:
- Use corsproxy.com
- Install corsproxy in local : npm install -g corsproxy
Solution 6:
For Windows:
- Open the start menu
- Type
windows+Ror open "Run"
Execute the following command:
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-securityFor Mac:
open /Applications/Google\ Chrome.app --args --user-data-dir="/var/tmp/Chrome dev session”