Test APIs bypassing CORS

I’ve been struggling for a couple of days to get this app I am working on to POST on to its back-end.  After tons of tries, many Stackoverflow reads and ajax call property reset, I got to the working solution, and I want to share it the community so that the next person doesn’t have to waste time.

Here is plain and simple, add this flag to the Chrome call (if you use Chrome):

--user-data-dir="C:/Chrome dev session" --disable-web-security

Explanation: CORS (Cross-Origin Resource Sharing) is a rule by which a call to an API from an app no residing on the same domain is rejected.  Unless the API server is set to accept calls from any app.  This rule is mainly enforced by the browser, without going too deep into the details of how this works, the best way to avoid this while developing , is to disable web security in the browser.

In doing so, it turns out that that the most recent Chrome versions do not accept the “–disable-web-security” flag by itself, you must also set the user data directory.  Therefore, create a directory of your choice and ad this flag along with the previous one: –user-data-dir=”my-data-directory”.

For some reason running this

“Chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security”

from the command line, it doesn’t work as well as creating a shortcut with this command in its target.  Here are the steps:

  • Create a user data directory of your choice
  • Create a shortcut on your desktop pointing to the Chrome.exe app
  • Right-click on it, select the Shortcut tab and on the Target field, add this to the end of the existing field: –user-data-dir=”C:/Chrome dev session” –disable-web-security.  The Target field should look something like this:
     "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --disable-web-security

One last and important thing: make sure to close all Chrome instances before clicking on the newly created shortcut to open Chrome with disabled web security.

I hope this helps.