[google-chrome] Disable-web-security in Chrome 48+

I have a problem with the --disable-web-security flag. It is not working in Chrome 48 and Chrome 49 beta on Windows.

I've tried killing all of the instances, rebooting and running Chrome with the flag first of all, and tried different machines as well. In the beta I can see the warning popup ("You are using unsupported flag.."), but CORS is still being enforced. The public version seems to ignore the flag completely.

There seems to be no news or reports from people about this, so it might be a local issue. I will be grateful for help or any related info.


The answer is


The version 49.0.2623.75 (64-bit) is not in beta anymore.

The command to fix the CORS issue is google-chrome-stable --disable-web-security --user-data-dir


From Chrome v81 the param --user-data-dir= requires an actual parameter, whereas in the past it didn't. Something like this works fine for me:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="\tmp\chrome_test"

For Mac, using Safari is a good alternative option for local development purposes, and the feature is built into the browser (so no need to add a browser extension or launch Chrome using a bash command like [open -a Google\ Chrome --args --disable-web-security --user-data-dir=""]).

To disable cross origin restriction using Safari (v11+): From menu click “Develop > Disable Cross Origin Restriction”.

This does not require relaunching the browser and since it's a toggle you can easily switch to secure mode.


The chosen answer is good, but for those who are still struggling with what they are talking about (your first time dealing with this issue), the following worked for me.

I created a new shortcut to Chrome on my desktop, right clicked it, and set the "Target" field to the following,

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="c:/chromedev"

The directory can be anything you want; I decided to make an empty folder called chrome dev in my C: directory. It has nothing to do with where Chrome is installed on your computer. It's just a fluff type thing.

This link also has clear directions for other OSes. How to disable web security in Chrome


For Chrome version 50+ for Mac users: close all open Chrome windows first and run the command below.

open -a Google\ Chrome --args --disable-web-security --user-data-dir=""

The above will work. Thanks


It's working for me. Try using this. It will help you out.

c:\Program Files\Google\Chrome\Application>chrome.exe --disable-web-security --user-data-dir="D:\chrome"


Mac OS:

open -a Google\ Chrome --args --disable-web-security --user-data-dir=

UPD: add = to --user-data-dir because newer chrome versions require it in order to work


In a terminal put these:

cd C:\Program Files (x86)\Google\Chrome\Application

chrome.exe --disable-web-security --user-data-dir="c:/chromedev"

I'm seeing the same thing. A quick google found this question and a bug on the chromium forums. It seems that the --user-data-dir flag is now required. Edit to add user-data-dir guide


As of the date of this answer (March 2020) there is a plugin for chrome called CORS unblock that allows you to skip that browser policy. The 'same origin policy' is an important security feature of browsers. Please only install this plugin for development or testing purposes. Do not promote its installation in end client browsers because you compromise the security of users and the chrome community will be forced to remove this plugin from the store.


Install this Chrome plugin to disable web security in Chrome:

" Allow-Control-Allow-Origin: * " link Here or you can google above plugin if you want.

It is very easy to enable and disable the security with this plugin.


On OS X, to open a new Chrome window - without having to close the already open windows first - pass in the additional -n flag. Make sure to specify empty string for data-dir (necessary for newer versions of Chrome, like v50 something+).

open -na /Applications/Google\ Chrome.app/ --args --disable-web-security --user-data-dir=""

I found that using Chrome 60+ on Mac OS X Sierra, the above command no longer worked, but a slight modification does:

open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_sess_1" --disable-web-security

The data directory path is important. Even if you're standing in your home directory when issuing the command, you can't simply refer to a local directory. It needs to be an absolute path.
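An added example, not taken from any of the answers above: a POSIX shell check that classifies Chrome command lines by the conditions the answers describe (the flag needs --user-data-dir, newer versions need a non-empty value, and the path must be absolute), so a workstation audit can spot sessions running without the same-origin policy. The verdict names, function names and sample process list are this example's own constructions.

```shell
#!/bin/sh
# Classify one Chrome command line. Verdict strings are this example's own, not Chrome's.
classify_chrome_cmdline() {
  cmd=$1
  case "$cmd" in
    *--disable-web-security*) ;;
    *) echo "sop-enforced"; return ;;          # flag absent: nothing to report
  esac
  case "$cmd" in
    *--user-data-dir=*) ;;
    *--user-data-dir*) echo "profile-dir-empty"; return ;;
    *) echo "profile-dir-missing"; return ;;   # answers: flag needs --user-data-dir
  esac
  dir=${cmd#*--user-data-dir=}                 # text after the first '='
  dir=${dir%% *}                               # up to next space (assumes no spaces in path)
  dir=$(printf '%s' "$dir" | tr -d '"' | tr '\\' '/')   # drop quotes, normalise separators
  case "$dir" in
    "")              echo "profile-dir-empty" ;;      # newer Chrome wants a real value
    /*|[A-Za-z]:/*)  echo "sop-disabled-isolated" ;;  # absolute, dedicated profile dir
    *)               echo "profile-dir-relative" ;;   # answers: path must be absolute
  esac
}

# Print "verdict<TAB>cmdline" for every input line that carries the flag.
audit_cmdlines() {
  while IFS= read -r line; do
    verdict=$(classify_chrome_cmdline "$line")
    [ "$verdict" = "sop-enforced" ] || printf '%s\t%s\n' "$verdict" "$line"
  done
}

# Constructed sample process list; on a Linux host, pipe `ps -eo args` in instead.
sample_ps() {
  cat <<'EOF'
/opt/google/chrome/chrome --type=renderer
/opt/google/chrome/chrome --disable-web-security --user-data-dir=/tmp/chrome_dev_sess_1
/opt/google/chrome/chrome --disable-web-security --user-data-dir=
/opt/google/chrome/chrome --disable-web-security --user-data-dir=chromedev
EOF
}

sample_ps | audit_cmdlines
```

A "sop-disabled-isolated" line is the form the answers report as working: that browser instance should be used only against the development target and closed afterwards, since every page opened in it runs without the same-origin policy.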

