During the development process of an application, we are often required to call services from domains different to the one our application is being served from, using AJAX requests.
This is not possible, as outlined on Wikipedia:
In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. An origin is defined as a combination of URI scheme, hostname, and port number.
In that case, you need to instruct your browser to “disable” the same-origin-policy check.
Two possible ways:
- install a Chrome extension: Allow-Control-Allow-Origin: *
- start a new instance of Chrome with the right flags
REM Windows start chrome --disable-web-security --user-data-dir="C:/temp/chrome_dev"
// OSX open -na Google\ Chrome --args --disable-web-security --user-data-dir="/tmp/chrome_dev"
Note From Chrome version 22+ you will get an error message that says:
You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.
You can ignore the message as it won’t affect your session.
To prove that the solution is working, open this fiddle and play around with the console open: you will get no errors.
Enjoy Chrome freedom!