DEV Community

Cover image for How to run Google Chrome without CORS
Davide Bellone
Davide Bellone

Posted on • Originally published at code4it.dev on

How to run Google Chrome without CORS

A few days ago I came across a problem: while developing a page I was integrating some external APIs. Those APIs were misconfigured, so running the application on localhost brought me a CORS error.

CORS: a reminder

Just a reminder of what CORS is (taken from MDN web docs):

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own.

In short: let's say that my site is running on my-site.com, and I need access to a resource from another domain (eg: ext-site.com). If the creators of ext-site.com want to allow my-site to use their resources on the browser, they must add an HTTP header that tells the browser that my-site is "authorized" to use their resources.

Running Google Chrome without CORS

Of course, I couldn't update the configurations on API's server, so I was stuck.

Then, after some research, I came across an article by Aleksandr Filatov where the author suggests a way to open Google Chrome without CORS.

You can create a shortcut, as explained in his article. Otherwise, if running Windows 10, you can open a console and run

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=~/chromeTemp
Enter fullscreen mode Exit fullscreen mode

This command opens a new Google Chrome window and allows you to continue with your development.

Google Chrome without CORS screenshot
Google Chrome without CORS

As you can see, there is a warning stating that the flag --disable-web-security can bring security issues. You can just ignore it for local development.

Also, as you can see from the screenshot above, the bookmark bar is empty (because there is no associated user).

If you don't want to work on terminal each time, you can put the script directly into a .bat file, and run it as if it was a simple program.

Top comments (4)

Collapse
 
devdufutur profile image
Rudy Nappée

Or you can use this chrome extension and toggle on/off cors when you need it 😉

chrome.google.com/webstore/detail/...

Collapse
 
bellonedavide profile image
Davide Bellone

Cool stuff! Thank you :)

Collapse
 
steven_kuipers profile image
Steven Kuipers

Why are you disabling hardware acceleration as well? That flag is not necessary to bypass CORS restrictions.

Collapse
 
bellonedavide profile image
Davide Bellone

Oh, it's easy. I forgot to remove it from the final version of the article 😅 Thank you, I'll update that :)