Disable-web-security in Chrome 48

Question

I have a problem with the --disable-web-security flag  It is not working in Chrome 48 and Chrome 49 beta on Windows   I ve tried killing all of the instances  reboot and run Chrome with the flag first of all  tried different machines as well  In the beta I can see the warning popup   You are using unsupported flag      but CORS is still being enforced  Public version seems to ignore the flag completely    There seems to be no news or people reports about that  so it might be a local issue   Will be grateful for help or any related info

User · Answer

For Chrome Version 50  for Mac Users  Close all opened chrome first and run the below command  open -a Google  Chrome --args --disable-web-security --user-data-dir      The above will work  Thanks

User · Answer

For Mac  using Safari is a good alternate option for local development purpose and the feature is built into the browser  so no need to add browser extension or launch Chrome using bash command like  open -a Google  Chrome --args --disable-web-security --user-data-dir       To disable cross origin restriction using Safari  v11    From menu click    Develop   Disable Cross Origin Restriction       This does not require relaunching the browser and since its a toggle you can easily switch to secure mode

User · Answer

From Chorme v81 the params --user-data-dir  requires an actual parameter  whereas in the past it didn t  Something like this works fine for me    C  Program Files  x86  Google Chrome Application chrome exe  --disable-web-security --user-data-dir   tmp chrome test

User · Answer

Install This Chrome-plugin for Disable-web-security in Chrome      Allow-Control-Allow-Origin      link Here or you can google above plugin if you want   it is very easy to enable and disable the security with this plugin

User · Answer

As of the date of this answer  March 2020  there is a plugin for chrome called CORS unblock that allows you to skip that browser policy  The  same origin policy  is an important security feature of browsers  Please only install this plugin for development or testing purposes  Do not promote its installation in end client browsers because you compromise the security of users and the chrome community will be forced to remove this plugin from the store

User · Answer

The version 49 0 2623 75  64-bit  is not in beta anymore   The command to fix the CORS issue is   google-chrome-stable --disable-web-security --user-data-dir

User · Answer

I m seeing the same thing  A quick google found this question and a bug on the chromium forums  It seems that the --user-data-dir flag is now required  Edit to add user-data-dir guide

User · Answer

The chosen answer is good  but for those who are still struggling with what they are talking about your first time dealing with this issue   the following worked for me   I created a new shortcut to Chrome on my desktop  right clicked it  and set the  Target  field to the following    C  Program Files  x86  Google Chrome Application chrome exe  --disable-web-security --user-data-dir  c  chromedev    The directory can be anything you want  I decided to make an empty folder called chrome dev in my C  directory  It has nothing to do where chrome is installed on your computer  It s just a fluff type thing   This link also has clear directions for other OSes  How to disable web securityin Chrome

User · Answer

On OS X  to open a new Chrome window - without having to close the already open windows first - pass in the additional -n flag  Make sure to specify empty string for data-dir  necessary for newer versions of Chrome  like v50 something     open -na  Applications Google  Chrome app  --args --disable-web-security --user-data-dir      I found that using Chrome 60  on Mac OS X Sierra  the above command no longer worked  but a slight modification does   open -n -a  Applications Google  Chrome app Contents MacOS Google  Chrome --args --user-data-dir   tmp chrome dev sess 1  --disable-web-security   The data directory path is important  Even if you re standing in your home directory when issuing the command  you can t simply refer to a local directory  It needs to be an absolute path

User · Answer

Mac OS   open -a Google  Chrome --args --disable-web-security --user-data-dir   UPD  add   to --user-data-dir because newer chrome versions require it in order to work

User · Answer

It working for me  Try using this  it will help you out    c  Program Files Google Chrome Application gt chrome exe --disable-web-security --user-data-dir  D  chrome

User · Answer

Update 2020-04-30 As of Chrome 81  it is mandatory to pass both --disable-site-isolation-trials and a non-empty profile path via --user-data-dir in order for --disable-web-security to take effect    MacOS open -na Google  Chrome --args --user-data-dir  tmp temporary-chrome-profile-dir --disable-web-security --disable-site-isolation-trials   Speculation  It is likely that Chrome requires a non-empty profile path to mitigate the high security risk of launching the browser with web security disabled on the default profile  See --user-data-dir  vs --user-data-dir  some path for more details below  Thanks to  Sn  bj  rn for the Chrome 81 tip in the comments   Update 2020-03-06 As of Chrome 80  possibly even earlier   the combination of flags --user-data-dir  tmp some-path --disable-web-security --disable-site-isolation-trials no longer disables web security  It is unclear when the Chromium codebase regressed  but downloading an older build of Chromium  following  quot Not-so-easy steps quot  on the Chromium download page  is the only workaround I found  I ended up using Version 77 0 3865 0  which properly disables web security with these flags   Original Post 2019-11-01 In Chrome 67   it is necessary to pass the --disable-site-isolation-trials flag alongside arguments --user-data-dir  and --disable-web-security to truly disable web security  On MacOS  the full command becomes  open -na Google  Chrome --args --user-data-dir  --disable-web-security --disable-site-isolation-trials  Regarding --user-data-dir Per David Amey s answer  it is still necessary to specify --user-data-dir  for Chrome to respect the --disable-web-security option  --user-data-dir  vs --user-data-dir  some path Though passing in an empty path via --user-data-dir  works with --disable-web-security  it is not recommended for security purposes as it uses your default Chrome profile  which has active login sessions to email  etc  With Chrome security disabled  your active sessions are thus vulnerable to additional in-browser exploits  Thus  it is recommended to use an alternative directory for your Chrome profile with --user-data-dir  tmp chrome-sesh or equivalent  Credit to  James B for pointing this out in the comments  Source This fix was discoreved within the browser testing framework Cypress  https   github com cypress-io cypress issues 1951

User · Answer

In a terminal put these   cd C  Program Files  x86  Google Chrome Application  chrome exe --disable-web-security --user-data-dir  c  chromedev

[google-chrome] Disable-web-security in Chrome 48+

Examples related to google-chrome

Examples related to security

Examples related to same-origin-policy