Run Chrome browser without CORS

Beligh Hamdi
2 min readJul 30, 2023

--

Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a security feature implemented in web browsers that controls how web pages from one domain can request resources from another domain. It is a fundamental security mechanism used to protect users and their data from unauthorized access to resources on different origins.

When a web page makes a request to a different domain (different origin), the browser enforces the Same-Origin Policy by default, which prevents the request from succeeding due to security reasons. CORS allows servers to declare which domains are permitted to access their resources through the use of specific HTTP headers.

Here’s a brief overview of how CORS works:

  1. The browser makes an HTTP request from a web page to a different domain.
  2. The server receiving the request checks for the presence of specific CORS headers in the incoming request.
  3. If the request includes the appropriate CORS headers and the server allows the origin (domain) making the request, the server responds with the necessary CORS headers.
  4. The browser then examines the response’s CORS headers. If they indicate that the request is allowed, the browser proceeds with the response, allowing the web page access to the requested resources.
  5. If the request is not allowed (due to missing or insufficient CORS headers), the browser blocks the response, preventing the web page from accessing the requested resources.

CORS is an essential security measure that protects users’ data and privacy by preventing unauthorized cross-origin requests. Web developers must configure their servers correctly to include appropriate CORS headers to allow legitimate cross-origin requests, while still maintaining a secure environment for users.

Windows

Just do follow steps:

  1. Open Start window
  2. Search Run and open it or press Window+ R
  3. Paste chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security and execute it

This will open a new browser with web security disabled.
You can now access your project in this browser without worrying about the CORS errors.

chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

OSX

open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security

Linux

google-chrome --disable-web-security

If you need access to local files for dev purposes like AJAX or JSON, you can use -–allow-file-access-from-files flag.

--

--