Riccardo Coppola

Chrome: Allow Cross-domain requests [OSX and Win]

March 30, 2016


During the development process of an application, we are often required to call services from domains different to the one our application is being served from, using AJAX requests.

This is not possible, as outlined on Wikipedia:

In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. An origin is defined as a combination of URI scheme, hostname, and port number.


In that case, you need to instruct your browser to “disable” the same-origin-policy check.

Two possible ways:

REM Windows

start chrome --disable-web-security --user-data-dir="C:/temp/chrome_dev"
// OSX

open -na Google\ Chrome --args --disable-web-security --user-data-dir="/tmp/chrome_dev"

Note From Chrome version 22+ you will get an error message that says:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

You can ignore the message as it won’t affect your session.

Test it!

To prove that the solution is working, open this fiddle and play around with the console open: you will get no errors.

Enjoy Chrome freedom!

Notes on web development, life, learning and the world.