DEV Community

loading...
Cover image for How to run Google Chrome without CORS

How to run Google Chrome without CORS

bellons91 profile image Davide Bellone Originally published at code4it.dev on ・2 min read

A few days ago I came across a problem: while developing a page I was integrating some external APIs. Those APIs were misconfigured, so running the application on localhost brought me a CORS error.

CORS: a reminder

Just a reminder of what CORS is (taken from MDN web docs):

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.

In short: let's say that my site is running on my-site.com, and I need access to a resource from another domain (eg: ext-site.com). If the creators of ext-site.com want to allow my-site to use their resources on the browser, they must add an HTTP header that tells the browser that my-site is "authorized" to use their resources.

Running Google Chrome without CORS

Of course, I couldn't update the configurations on API's server, so I was stuck.

Then, after some research, I came across an article by Aleksandr Filatov where the author suggests a way to open Google Chrome without CORS.

You can create a shortcut, as explained in his article. Otherwise, if running Windows 10, you can open a console and run

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp

This command opens a new Google Chrome window and allows you to continue with your development.

Google Chrome without CORS screenshot
Google Chrome without CORS

As you can see, there is a warning stating that the flag --disable-web-security can bring security issues. You can just ignore it for local development.

Also, as you can see from the screenshot above, the bookmark bar is empty (because there is no associated user).

If you don't want to work on terminal each time, you can put the script directly into a .bat file, and run it as if it was a simple program.

Discussion (4)

pic
Editor guide
Collapse
devdufutur profile image
Rudy Nappée

Or you can use this chrome extension and toggle on/off cors when you need it 😉

chrome.google.com/webstore/detail/...

Collapse
bellons91 profile image
Davide Bellone Author

Cool stuff! Thank you :)

Collapse
steven_kuipers profile image
Steven Kuipers

Why are you disabling hardware acceleration as well? That flag is not necessary to bypass CORS restrictions.

Collapse
bellons91 profile image
Davide Bellone Author

Oh, it's easy. I forgot to remove it from the final version of the article 😅 Thank you, I'll update that :)