@n3dst4
Created June 4, 2018 10:38
How to disable same-origin policy (aka CORS checking) in Chrome

You need to run Chrome with two command line flags:

--disable-web-security --user-data-dir

These are kind of documented here: https://peter.sh/experiments/chromium-command-line-switches/

--disable-web-security is the one that turns off the same-origin policy (the name is scarier than the action). Although the docs don't say this, this flag is ignored unless you also specify --user-data-dir. That's because --disable-web-security can be super risky and you shouldn't be surfing in that mode all the time, so Chrome requires you to use an alternative user profile, specified with --user-data-dir. However, you can get away with just giving --user-data-dir without specifying a directory, and it will use the default one (so you get all your bookmarks, cookies, extensions, etc.), but --disable-web-security will still feel that honour has been satisfied and turn off the same-origin policy.

THIS IS LIKE DRIVING WITH NO SEATBELT AND YOUR TRACTION CONTROL TURNED OFF. DON'T JUST DO THIS AND LEAVE IT. YOU WILL GET OWNED.

The good way to do this would be to create a special "testing" profile directory somewhere and use that:

--disable-web-security --user-data-dir="C:\Users\ndecarteret121\AppData\Local\Google\Chrome\Testing"

You can actually run this in parallel with your main profile, keeping the "dangerous" isolated.
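To check that launches follow the isolated-profile pattern, the following added example (not part of the original gist) classifies Chrome command lines according to the behaviour described above. The function names, the sample command lines, the default-profile path tail and the "last occurrence wins" rule are assumptions made for illustration.

```python
import re

SOP_FLAG = "--disable-web-security"
PROFILE_FLAG = "--user-data-dir"
# Assumption: tail of Chrome's stock profile path on Windows (compared lowercased).
DEFAULT_PROFILE_TAIL = "\\google\\chrome\\user data"

# A token is a run of unquoted characters and/or "quoted segments" (paths with spaces).
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def split_cmdline(cmdline):
    """Split a Windows-style command line, keeping quoted paths whole."""
    return [tok.replace('"', "") for tok in _TOKEN.findall(cmdline)]


def classify(cmdline):
    """Classify a Chrome launch according to the behaviour the gist describes."""
    args = split_cmdline(cmdline)
    if SOP_FLAG not in args:
        return "normal"
    profile = None  # None = switch absent, "" = switch given without a directory
    for arg in args:
        if arg == PROFILE_FLAG:
            profile = ""
        elif arg.startswith(PROFILE_FLAG + "="):
            profile = arg.split("=", 1)[1]  # assumption: the last occurrence wins
    if profile is None:
        return "flag-ignored"
    path = profile.replace("/", "\\").rstrip("\\").lower()
    if path == "" or path.endswith(DEFAULT_PROFILE_TAIL):
        return "sop-off-default-profile"  # everyday cookies and sessions in scope
    return "sop-off-isolated-profile"


# Constructed sample command lines, e.g. as collected from a process listing.
SAMPLES = [
    r'chrome.exe https://example.com',
    r'chrome.exe --disable-web-security',
    r'chrome.exe --disable-web-security --user-data-dir',
    r'chrome.exe --user-data-dir="C:\Users\dev\AppData\Local\Google\Chrome\User Data" --disable-web-security',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\Users\dev\AppData\Local\Google\Chrome\Testing"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):26} {line}")
```

Only the last sample matches the "testing profile" pattern; the two `sop-off-default-profile` results are the launches the warning above is about.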
