How to Disable Same-Origin Policy in Chrome

By:   –  Last updated:   –  #chrome

Code Theme [Dark]

Content Overview [Hide]

Disabling Same-Origin Policy in Chrome to fix no 'Access-Control-Allow-Origin' header issue.

1 Issue

I was uploading a video to Youtube channel using Google Chrome browser. Then the uploading failed and following error appeared in Chrome's javascript console.

XMLHttpRequest cannot load https://upload.youtube.com/upload/rupio?authuser=0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.

2 Reason

Web browsers conform to the Same-Origin Policy (SOP) to control HTTP communication between two different origins. Cross-origin reading requests are typically not allowed.

The requested resource can allow cross-origin access by adding some Access-Control HTTP headers to its response according to Cross-Origin Resource Sharing standard.

Obviously there was no Access-Control-Allow-Origin header in the response of my uploading request. So above error raised and uploading failed.

3 Solution

My issue can be fixed in client side by simply disabling Same-Origin Policy in Chrome.

3.1 Windows

Open command prompt and run following command.

$ "C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir="C:\chrome_temp"

3.2 Mac

Open terminal and run Chrome in command line with arguments.

$ open -a /Applications/Google\ Chrome.app --args --disable-web-security --user-data-dir="/tmp/chrome_tmp"

3.3 Linux

Run following command in terminal.

$ google-chrome --disable-web-security --user-data-dir="/tmp/chrome_tmp"

4 Python helper script

Here is a helper script written in Python to launch Chrome with the Same-Origin policy disabled.

#!/user/bin/env python3

import platform
import subprocess

current_os = platform.system()

print("Trying to launch Chrome on {0} with the Same-Origin policy disabled...".format(current_os))

if current_os == "Darwin":
    cmd = 'open -a /Applications/Google\ Chrome.app --args --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
elif current_os == "Windows":
    cmd = '"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir="C:\chrome_temp"'
elif current_os == "Linux":
    cmd = 'google-chrome --disable-web-security --user-data-dir="/tmp/chrome_tmp"'
else:
    cmd = 'echo "Unsupported OS."'

subprocess.run(cmd, shell=True)

The script are tested under Python3.6.