Disable same origin policy in Chrome

Question

Is there any way to disable the Same-origin policy on Google's Chrome browser?

Answer 1

Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src="http://google.com" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

Note : Kill all chrome instances before running command

chromium-browser --disable-web-security --user-data-dir="[some directory here]" 

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

From the chromium source:

// Don't enforce the same-origin policy. (Used by people testing their sites.) const wchar_t kDisableWebSecurity[] = L"disable-web-security"; 

---

Before Chrome 48, you could just use:

chromium-browser --disable-web-security 

Answer 2

Yep. For OSX, open Terminal and run:

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir 

--user-data-dir required on Chrome 49+ on OSX

For Linux run:

$ google-chrome --disable-web-security 

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.

--allow-file-access-from-files 

For Windows go into the command prompt and go into the folder where Chrome.exe is and type

chrome.exe --disable-web-security 

That should disable the same origin policy and allow you to access local files.

Update: For Chrome 22+ you will be presented with an error message that says:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

However you can just ignore that message while developing.