Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src='embedded in a page served from 'localhost' (tested under chromium 5 / ubuntu). For me the exact command was: Note: Kill all chrome instances before running command chromium-browser --disable-web-security --user-data-dir='[some directory here]' The browser will warn you that 'you are using an unsupported command line' when it first opens, which you can ignore. From the chromium source: // Don't enforce the same-origin policy.

Enable Flash for Chrome on Windows or Mac (osX) Easily enable Flash in your Chrome browser settings with these steps, for all sites (Step 1-3) or for individual sites (step 1-6). Note: Settings may vary slightly depending on operating system and chrome version. While your browser is open, just click on the Chrome menu at the top left of your screen. Next, click Preferences.

(Used by people testing their sites.) const wchar_t kDisableWebSecurity[] = L'disable-web-security'; Before Chrome 48, you could just use: chromium-browser --disable-web-security. For OSX, open Terminal and run: $ open -a Google Chrome --args --disable-web-security --user-data-dir For Linux run: $ google-chrome --disable-web-security Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too. -–allow-file-access-from-files For Windows go into the command prompt and go into the folder where Chrome.exe is and type chrome.exe --disable-web-security That should disable the same origin policy and allow you to access local files. Update: For Chrome 22+ you will be presented with an error message that says: You are using an unsupported command-line flag: --disable-web-security.

Stability and security will suffer. However you can just ignore that message while developing. For Windows users: The problem with the solution accepted here, in my opinion is that if you already have Chrome open and try to run this it won't work. However, when researching this, I came across a post on Super User,. Eclipse ide and compiler for mac. Basically, by running the following command (or creating a shortcut with it and opening Chrome through that) chrome.exe --user-data-dir='C:/Chrome dev session' --disable-web-security you can open a new 'insecure' instance of Chrome at the same time as you keep your other 'secure' browser instances open and working as normal. Important: delete/clear C:/Chrome dev session folder every time when you open a window as second time --disable-web-security is not going to work.

So you cannot save your changes and then open it again as a second insecure instance of Chrome with --disable-web-security. For windows users with Chrome Version 60.0.3112.78. You do not need to close any chrome instance. • Create a shortcut on your desktop • Right-click on the shortcut and click Properties • Edit the Target property • Set it to 'C: Program Files (x86) Google Chrome Application chrome.exe' --disable-web-security --user-data-dir='C:/ChromeDevSession' • Start chrome and ignore the message that says --disable-web-security is not supported!

BEWARE NOT TO USE THIS PARTICULAR BROWSER INSTANCE FOR BROWSING BECAUSE YOU CAN BE HACKED WITH IT! Seems none of above solutions are actually working. The --disable-web-security is no longer supported in recent chrome versions. Allow-Control-Allow-Origin: * - chrome extension partially solved the problem.

Microsoft office 2016 for mac youtube. It works only if your request is using GET method and there's no custom HTTP Header. Otherwise, chrome will send OPTIONS HTTP request as a pre-flight request. If the server doesn't support CORS, it will respond with 404 HTTP status code.

The plugin can't modify the response HTTP status code. So chrome will reject this request. There's no way for chrome plugin to modify the response HTTP status code based on current chrome extension API. And you can't do a redirect as well for XHR initiated request. Not sure why Chrome makes developers life so difficult. It blocks all the possible ways to disable XSS security check even for development use which is totally unnecessary. After days struggle and research, one solution works perfectly for me: to use corsproxy.