--disable-web-security
VS --user-data-dir
Also see: https://peter.sh/experiments/chromium-command-line-switches/#disable-web-security
I came across an issue with running google-chrome to render some HTML file, where we are loading fonts from an external URL and to avoid CORS screaming at us we configured it like:
google-chrome --user-data-dir=/tmp/ --disable-web-security