Run Chrome browser without CORS
Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers that controls how web pages from one domain can request resources from another domain. It is a fundamental security mechanism used to protect users and their data from unauthorized access to resources on different origins.
When a web page makes a request to a different domain (different origin), the browser enforces the Same-Origin Policy by default, which prevents the request from succeeding due to security reasons. CORS allows servers to declare which domains are permitted to access their resources through the use of specific HTTP headers.
Here’s a brief overview of how CORS works:
- The browser makes an HTTP request from a web page to a different domain.
- The server receiving the request checks for the presence of specific CORS headers in the incoming request.
- If the request includes the appropriate CORS headers and the server allows the origin (domain) making the request, the server responds with the necessary CORS headers.
- The browser then examines the response’s CORS headers. If they indicate that the request is allowed, the browser proceeds with the response, allowing the web page access to the requested resources.
- If the request is not allowed (due to missing or insufficient CORS headers), the browser blocks the response, preventing the web page from accessing the requested resources.
CORS is an essential security measure that protects users’ data and privacy by preventing unauthorized cross-origin requests. Web developers must configure their servers correctly to include appropriate CORS headers to allow legitimate cross-origin requests, while still maintaining a secure environment for users.
Windows
Just do follow steps:
- Open
Start
window - Search
Run
and open it or pressWindow
+R
- Paste
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
and execute it
This will open a new browser with web security disabled.
You can now access your project in this browser without worrying about the CORS errors.
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
OSX
open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security
Linux
google-chrome --disable-web-security
If you need access to local files for dev purposes like AJAX or JSON, you can use -–allow-file-access-from-files
flag.