Monday, June 11, 2012

Chrome: Disable same origin policy

Is there a way to disable the same origin policy on Google's Chrome browser? This is strictly for development, not production, use.

Source: Tips4all


  1. Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src="" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

    chromium-browser --disable-web-security

    From the chromium source:

    // Don't enforce the same-origin policy. (Used by people testing their sites.)
    const wchar_t kDisableWebSecurity[] = L"disable-web-security";

  2. Yep. For Mac, open Terminal and run:

    $ open -a Google\ Chrome --args --disable-web-security

    Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.


    For PC go into the command prompt and go into the folder where Chrome.exe is and type

    chrome.exe --disable-web-security

    That should disable the same origin policy and allow you to access local files.

  3. Probably not.

    I use the URL rewriting features of Charles Proxy to map remote HTTP APIs to URLs that appear to point to my development server when I need to do that kind of thing.

  4. For Selenium Webdriver, you can have selenium start Chrome with the appropriate arguments (or "switches") in this case.

    @driver = Selenium::WebDriver.for(:Chrome, {
    :detach => false,
    :switches => [“—disable-web-security”]

  5. Answered in

    1st result for Google: disable same origin policy.