Stephen Quick

How to disable Chrome Web Security for development

July 26, 2016

Recently I’ve been developing an AngularJS application that requires access to an api from another sub domain. Since the API is another sub domain, Chrome complains that it is a CORS violation, automatically disallowing the request. This causes the application to hang forever because the route is dependent on calling this api first. What I decided to do was look up how to circumvent CORS in Google Chrome to test that it works correctly. I only need to do this locally, since I already authorized the live production version to work correctly.

The command I found was from a Stack Overflow request.

On Mac: open -a Google\ Chrome --args --disable-web-security --user-data-dir.

On Linux: google-chrome --args --disable-web-security --user-data-dir

On Windows: chrome.exe --args --disable-web-security --user-data-dir

The later versions of Chrome say --disable-web-security has been depreciated, but it still works. The flag --use-data-dir appears to be required for CORS to be disabled.


Currently working on learning more about how to disable in Firefox, Safari, and ie11/edge. I may just commit to using Chrome locally, and checking the production version from the rest of the browsers.

Stephen Quick

Written by Stephen Quick, a software developer based in Houston, Texas.