Browser without cross origin policy to access iframes

Question

I know iterations of this question have been answered a lot, but I couldn't find a valid answer among them

---

I have an iframe and I want to play with it using javascript to test stuff. It's for personal testing only, I don't want it public.

I want a browser that allows me to do this without getting "Uncaught DOMException: Blocked a frame with origin X from accessing a cross-origin frame.

I've tried:

• to open chrome with "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp
• to disable all security in Firefox
• to install CORS disabling plugins.

For some reason, the browsers still throw that error.

I know I can write a script in another environment like node to load and manipulate the page, but I want to do it in a browser

So is there a browser that has no cross-domain security, or no security at all, but supports html5 for test purposes?

Answer 1

In recent versions of Chrome (77+), in addition to --disable-web-security, you've have to add the --disable-site-isolation-trials flag to access cross origin frames.

The command line to start Chrome will be something like

chrome.exe --disable-web-security --user-data-dir="C:\Users\Administrator\chrome-profile" --disable-site-isolation-trials

Source: https://www.chromium.org/Home/chromium-security/site-isolation