DEV Community

Cover image for How to run Google Chrome without CORS
Davide Bellone
Davide Bellone

Posted on • Originally published at code4it.dev on

3 2

How to run Google Chrome without CORS

#misc #cors #webdev

A few days ago I came across a problem: while developing a page I was integrating some external APIs. Those APIs were misconfigured, so running the application on localhost brought me a CORS error.

CORS: a reminder

Just a reminder of what CORS is (taken from MDN web docs):

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.

In short: let's say that my site is running on my-site.com, and I need access to a resource from another domain (eg: ext-site.com). If the creators of ext-site.com want to allow my-site to use their resources on the browser, they must add an HTTP header that tells the browser that my-site is "authorized" to use their resources.

Running Google Chrome without CORS

Of course, I couldn't update the configurations on API's server, so I was stuck.

Then, after some research, I came across an article by Aleksandr Filatov where the author suggests a way to open Google Chrome without CORS.

You can create a shortcut, as explained in his article. Otherwise, if running Windows 10, you can open a console and run

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp
Enter fullscreen mode Exit fullscreen mode

This command opens a new Google Chrome window and allows you to continue with your development.

Google Chrome without CORS screenshot
Google Chrome without CORS

As you can see, there is a warning stating that the flag --disable-web-security can bring security issues. You can just ignore it for local development.

Also, as you can see from the screenshot above, the bookmark bar is empty (because there is no associated user).

If you don't want to work on terminal each time, you can put the script directly into a .bat file, and run it as if it was a simple program.

profile
Heroku
 Promoted

Heroku

Deploy with ease. Manage efficiently. Scale faster.

Leave the infrastructure headaches to us, while you focus on pushing boundaries, realizing your vision, and making a lasting impression on your users.

Get Started

Top comments (4)

Collapse
 
devdufutur profile image
Rudy Nappée

Or you can use this chrome extension and toggle on/off cors when you need it 😉

chrome.google.com/webstore/detail/...

Collapse
 
bellonedavide profile image
Davide Bellone

Cool stuff! Thank you :)

Collapse
 
steven_kuipers profile image
Steven Kuipers

Why are you disabling hardware acceleration as well? That flag is not necessary to bypass CORS restrictions.

Collapse
 
bellonedavide profile image
Davide Bellone

Oh, it's easy. I forgot to remove it from the final version of the article 😅 Thank you, I'll update that :)

profile
Sentry
 Promoted

The best way to debug slow web pages cover image

The best way to debug slow web pages

Tools like Page Speed Insights and Google Lighthouse are great for providing advice for front end performance issues. But what these tools can’t do, is evaluate performance across your entire stack of distributed services and applications.

Watch video

👋 Kindness is contagious

Engage with a wealth of insights in this thoughtful article, valued within the supportive DEV Community. Coders of every background are welcome to join in and add to our collective wisdom.

A sincere "thank you" often brightens someone’s day. Share your gratitude in the comments below!

On DEV, the act of sharing knowledge eases our journey and fortifies our community ties. Found value in this? A quick thank you to the author can make a significant impact.

Okay