How to Run Google Chrome without CORS Restriction

A simple guide on how to start a Google Chrome or Chromium web browser with CORS disabled for development and testing

If you’re a Web developer you probably have a task to test your REST API locally. When you’re using a browser like Google Chrome, you may experience some issues like the following message.

Access to fetch at ‘http://localhost:8080/api’ from origin ‘http://localhost:8000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ’no-cors’ to fetch the resource with CORS disabled.

Don’t worry, it’s actually a good security measure by modern web browsers.

I don’t want to bother you with the details about CORS, you can read it on official documentation. But if you must know, here’s the summary from wikipedia.

Cross-origin resource sharing (CORS) is a mechanism to safely bypass the Same-origin policy, that is, it allows a web page to access restricted resources from a server on a domain different than the domain that served the web page.

An example of a cross-origin request: the front-end JavaScript code served from https://example.com/ uses fetch() to make a request for https://example.org/api/data.json.

Fortunately, it’s easy to bypass CORS restricton from Google Chrome. Just follow one of these guides based on the Operating System you’re currently using.

How to Run Google Chrome without CORS on macOS

Open your Terminal and type the following command to start a new Google Chrome instance without CORS.

open -n "/Applications/Google Chrome.app" --args --user-data-dir="$HOME/chrome-dev-data" --disable-web-security

How to Run Google Chrome without CORS on Windows 11

There are 2 kinds of command-line interpreters on Windows: PowerShell and Command Prompt (cmd.exe). I personally prefer Windows Terminal on modern Windows and it’s using PowerShell by default.

Here’s how to start Google Chrome with CORS disabled with PowerShell.

. "C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\chrome-dev-data\ --disable-web-security

If you’re still using the Command Prompt / cmd.exe, you can start Google Chrome without CORS with the following command. Notice that I just simply removed the dot as the first character.

"C:\Program Files\Google\Chrome\Application\chrome.exe" --user-data-dir=C:\chrome-dev-data\ --disable-web-security

How to Run Chromium / Google Chrome without CORS on Linux (Ubuntu, Debian, etc.)

On Linux, you can just open the Terminal and use the following command to open a Chrome window without CORS.

chromium --user-data-dir="$HOME/chrome-dev-data" --disable-web-security

I personally use Chromium on a Linux system. If you’re using Google Chrome, simply replace chromium with google-chrome.

Video

I also created a video to show you how to execute the command for each operating system.

Conclusion

That’s all I can show you. You can start a Google Chrome window without CORS enabled and without polluting the main Google Chrome user data.

Thanks for reading and see you next time!