javascript - Disable same origin policy in Chrome

ID : 496

viewed : 273

Tags : javascriptajaxgoogle-chromejavascript

Top 5 Answer for javascript - Disable same origin policy in Chrome

vote vote


Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src="" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

Note : Kill all chrome instances before running command

chromium-browser --disable-web-security --user-data-dir="[some directory here]" 

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

From the chromium source:

// Don't enforce the same-origin policy. (Used by people testing their sites.) const wchar_t kDisableWebSecurity[] = L"disable-web-security"; 

Before Chrome 48, you could just use:

chromium-browser --disable-web-security 
vote vote


Yep. For OSX, open Terminal and run:

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir 

--user-data-dir required on Chrome 49+ on OSX

For Linux run:

$ google-chrome --disable-web-security 

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.


For Windows go into the command prompt and go into the folder where Chrome.exe is and type

chrome.exe --disable-web-security 

That should disable the same origin policy and allow you to access local files.

Update: For Chrome 22+ you will be presented with an error message that says:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

However you can just ignore that message while developing.

vote vote


For Windows users:

The problem with the solution accepted here, in my opinion is that if you already have Chrome open and try to run the chrome.exe --disable-web-security command it won't work.

However, when researching this, I came across a post on SuperĀ User, Is it possible to run Chrome with and without web security at the same time?.

Basically, you need to add to the command and run it like this instead (or create a shortcut with it and run a new Chrome instance through that)

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security 

which will open a new "insecure" instance of Chrome at the same time as you keep your other "secure" browser instances open and working as normal.

This works by creating a new folder/directory "Chrome dev session" under C: and tells this new Chrome instance to use that folder/directory for its user and session data. Because of this, the new instance is separated from your "normal" Chrome data and your bookmarks and other saved data will not be available in this instance.

Note: only the first "new" instance of Chrome opened with this method, is effected, hence it is only the first tab in the first new Chrome window, which is effected. If you close that instance, you can use the same command again and for example any bookmarks to your local app or similar will still be there as it's pointing to the same folder.

If you want to run multiple "insecure" instances, each one will need its own folder/directory, so you will need to runt he command again with a different folder name. This however also means that each insecure instance will be separated from the others, so any bookmarks or other saves user or session data will not be available across instances.

vote vote


For Windows:

  1. Open the start menu

  2. Type windows+R or open "Run"

  3. Execute the following command:

     chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security 

For Mac:

  1. Go to Terminal

  2. Execute the following command:

     open /Applications/Google\ --args --user-data-dir="/var/tmp/Chrome dev session" --disable-web-security 

A new web security disabled chrome browser should open with the following message:

enter image description here

For Mac

If you want to open new instance of web security disabled Chrome browser without closing existing tabs then use below command

open -na Google\ Chrome --args --user-data-dir=/tmp/temporary-chrome-profile-dir --disable-web-security 

It will open new instance of web security disabled Chrome browser as shown below

enter image description here

vote vote


Using the current latest chrome **Version 96.0.4664.45 (Official Build) (64-bit) **

windows : click the start button then copy paste the below (change the D:\temp to your liking).:

chrome.exe  --disable-site-isolation-trials --disable-web-security --user-data-dir="D:\temp" 

Linux : start a terminal then run the below command (change the ~/tmp directory to your liking)

google-chrome --disable-site-isolation-trials --disable-web-security --user-data-dir="~/tmp" 

Note : This solution will start chrome in an isolated sandbox and it will not affect the main chrome profile.

Top 3 video Explaining javascript - Disable same origin policy in Chrome