Recently I’ve been developing an AngularJS application that requires access to an api from another sub domain. Since the API is another sub domain, Chrome complains that it is a CORS violation, automatically disallowing the request. This causes the application to hang forever because the route is dependent on calling this api first. What I decided to do was look up how to circumvent CORS in Google Chrome to test that it works correctly. I only need to do this locally, since I already authorized the live production version to work correctly.

The command I found was from a Stack Overflow request.

On Mac: open -a Google\ Chrome --args --disable-web-security --user-data-dir.

On Linux: google-chrome --args --disable-web-security --user-data-dir

On Windows: chrome.exe --args --disable-web-security --user-data-dir

The later versions of Chrome say --disable-web-security has been depreciated, but it still works. The flag --use-data-dir appears to be required for CORS to be disabled.


Currently working on learning more about how to disable in Firefox, Safari, and ie11/edge. I may just commit to using Chrome locally, and checking the production version from the rest of the browsers.