You need to run Chrome with two command line flags:
These are kind of documented here: https://peter.sh/experiments/chromium-command-line-switches/
--disable-web-security is the one that turns off the same-origin policy (the name is scarier than the action). Although the docs don't say this, this flag is ignored unless you also specify
--user-data-dir. That's because
--disable-web-security can be super risky so you shouldn't be surfing in that mode all the time, so Chrome requires you to use an alternative user profile, specified with
--user-data-dir. However, you can get away with just giving
--user-data-dir and not specifying a dir, and it will use the default one (so you get all your bookmarks, cookies, extension, etc. but
--disable-web-security will still feel that honour has been satisfied and tuirn off same-origin policy.
THIS IS LIKE DRIVING WITH NO SEATBELT AND YOUR TRACTION CONTROL TURNED OFF. DON'T JUST DO THIS AND LEAVE IT. YOU WILL GET OWNED.
The good way to do this would be to create a special "testing" profile directory somewhere and use that:
You can actually run this in parallel with your main profile, keeping the "dangerous" isolated.