javascript - working - firefox disable cors

Disable same origin policy in Chrome (18)

Don't do this! You're opening your accounts to attacks. Once you do this any 3rd party site can start issuing requests to other websites, sites that you are logged into.

Instead run a local server. It's as easy as opening a shell/terminal/commandline and typing

cd path/to/files
python -m SimpleHTTPServer

Then pointing your browser to


If you find it's too slow consider this solution

Is there any way to disable the Same-origin policy on Google's Chrome browser?

This is strictly for development, not production use.


open -n -a /Applications/Google\ --args --user-data-dir="/tmp/someFolderName" --disable-web-security

Following on Ola Karlsson answer, indeed the best way would be to open the unsafe Chrome in a different session. This way you don't need to worry about closing all of the currently opened tabs, and also can continue to surf the web securely with the original Chrome session.

These batch files should just work for you on Windows.

Put it in a Chrome_CORS.bat file for easy use

start "" "c:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="c:/_chrome_dev" --disable-web-security

This one is for Chrome Canary. Canary_CORS.bat

start "" "c:\Users\%USERNAME%\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --user-data-dir="c:/_canary_dev" --disable-web-security

For Windows:

  1. Open the start menu
  2. Type windows+R or open "Run"
  3. Execute the following command:

    chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

For Mac:

  1. Go to Terminal
  2. Execute the following command:

    open /Applications/Google\ --args --user-data-dir="/var/tmp/Chrome dev session" --disable-web-security

A new web security disabled chrome browser should open with the following message:

For Selenium Webdriver, you can have selenium start Chrome with the appropriate arguments (or "switches") in this case.

 @driver = Selenium::WebDriver.for(:Chrome, { 
       :detach => false,
       :switches => ["--disable-web-security"]

For Windows users:

The problem with the solution accepted here, in my opinion is that if you already have Chrome open and try to run this it won't work.

However, when researching this, I came across a post on Super User, Is it possible to run Chrome with and without web security at the same time?.

Basically, by running the following command (or creating a shortcut with it and opening Chrome through that)

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

you can open a new "insecure" instance of Chrome at the same time as you keep your other "secure" browser instances open and working as normal. Important: delete/clear C:/Chrome dev session folder every time when you open a window as second time --disable-web-security is not going to work. So you cannot save your changes and then open it again as a second insecure instance of Chrome with --disable-web-security.

For Windows:

(using windows 8.1, chrome 44.0)

First, close google chrome.

Then, open command prompt and go to the folder where 'chrome.exe' is.

( for me: 'chrome.exe' is here "C:\Program Files (x86)\Google\Chrome\Application".

So I type: cd C:\Program Files (x86)\Google\Chrome\Application )

now type: chrome.exe --disable-web-security

a new window of chrome will open.

I didn't want to restart Chrome and disable my web security (because I was browsing while developing) and stumbled onto this Chrome extension.

Chrome Web Store Allow-Control-Allow-Origin: *

Basically it's a little toggle switch to toggle on and off the Allow-Access-Origin-Control check. Works perfectly for me for what I'm doing.

EDIT: I tried using the just the other day for another project and it stopped working. Uninstalling and reinstalling the extension fixed it (to reset the defaults).

I use this sometimes, for posting a localhost front-end site to a localhost back-end API (e.g. React to an old .NET API). I created a separate shortcut on my Windows 10 desktop, so that it never is used for normal browsing, only for debugging locally. I did the following:-

  1. Right click on desktop, add new shortcut
  2. Add the target as "[PATH_TO_CHROME]\chrome.exe" --disable-web-security
  3. Click OK.

You will get a warning on load of this browser, that it is not secure, just take care with what you browser on it. I tend to rename this new shortcut on the desktop, something in capital, and move it away from my other icons, so it can't be confused for normal Chrome.

Hope this helps!

If you are using Google Chrome on Linux, following command works.

google-chrome  --disable-web-security

On Windows 10, the following will work.

<<path>>\chrome.exe --allow-file-access-from-files --allow-file-access --allow-cross-origin-auth-prompt

On a Windows PC, use an older version of Chrome and the command will work for all you guys. I downgraded my Chrome to 26 version and it worked.

Yep. For OSX, open Terminal and run:

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir

--user-data-dir required on Chrome 49+ on OSX

For Linux run:

$ google-chrome --disable-web-security

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.


For Windows go into the command prompt and go into the folder where Chrome.exe is and type

chrome.exe --disable-web-security

That should disable the same origin policy and allow you to access local files.

Update: For Chrome 22+ you will be presented with an error message that says:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

However you can just ignore that message while developing.

You can simply use this chrome extension Allow-Control-Allow-Origin

just click the icon of the extensnion to turn enable cross-resource sharing ON or OFF as you want

for mac users:

open -a "Google Chrome" --args --disable-web-security --user-data-dir

and before Chrome 48, you could just use:

open -a "Google Chrome" --args --disable-web-security

chromium-browser --disable-web-security --user-data-dir=~/ChromeUserData/