I’ve been doing some Chrome extension development in the past week and as you may or may not know, chrome extensions are allowed to make cross-domain ajax calls. This is allowed because of the Chrome extension permission model which requires a user installing an extension to agree to that the installed application may access your data on the domain in question.
However, by default, the extension only has this capability when the extension is installed and activated (say by clicking on the app icon on the chrome toolbar).
If you’re developing an extension, this means you have to constantly refresh the extension and click the button in order to test your XHR requests.
It turns out, you can start Chrome with a couple of flags that will allow you to simply browse to your files directly and execute cross-domain XMLHttpRequest calls.
For additional ease, I’ve created a shortcut on my desktop with the flags appended. Your shortcut should look something like this:
The Flags
You’ll notice the two flags appended to the shortcut path.
–allow-file-access-from-files
–disable-web-security
Together, both of these flags will allow a developer to test cross-domain ajax requests from a local file.
P.S. I labeled the extension “UNSECURED CHROME” so that I don’t risk always running Chrome with these flags.
adam16ster
December 24, 2011 at 12:48 amis this supposed to work for all operating systems running chrome or just mac/linux?
Joshua McGinnis
December 26, 2011 at 2:08 pmIt should work across all instances.
Erwin Vedar
March 7, 2012 at 12:55 amWow! I didn’t even know this was possible. Might just have saved my piece of the project I’m working on.
AND I was pleasantly surprised to find out you’re a fellow Intuiteer. ๐
Firestryke31
April 18, 2012 at 12:42 pmFor a Windows copy-pasta-able shortcut, no modification needed:
%userprofile%\AppData\Local\Google\Chrome\Application\chrome.exe –allow-file-access-from-files –disable-web-security
If Mac and linux are similar (note I have no idea where chrome installs itself to on Mac/linux and am assuming it’s just their equivalent, so don’t be surprised if this doesn’t work):
~/Google/Chrome/Application/chrome –allow-file-access-from-files –disable-web-security
Also, for your blog comments, I just found that the fancy “clicking in the box clears the default text” is really “clicking in the box clears everything any time you click in it” so I have to use the arrow keys to move back, Shift-arrowkey to highlight, make changes, then arrow key back to the end to continue. It’s kind of annoying. Solution: [pseudocode] if(box.content == “Comment”) clear(); else doNothing();[/pseudocode]
yi2ng2
April 24, 2012 at 5:24 amHey dude, just drop by to say thank you for the trick. A good one ๐
Improving Your HTML5 Mobile Development Experience | photosz
August 8, 2012 at 5:38 am[…] with these switches enabled. The above syntax was lifted from Joshua McGinnisโs excellent blog post on the same […]
Kevin Mack
August 16, 2012 at 2:14 pmI initially could not get this to work on my Windows machine, but tried old_chrome.exe in my “*\Google\Chrome\Application\old_chrome.exe” and it worked. I thought I’d share for anyone that had the same problem
kumar
October 5, 2012 at 4:21 pmThe –disable-web-security does not seem to be working for the current (Oct 5/2012) version of chrome
damselle_in_distress
May 31, 2013 at 5:22 amthanks! ๐
Consuming WCF services using JQuery JSON | Dev @ Work
June 20, 2013 at 3:47 pm[…] browsers will not allow cross-origin requests unless authorized by the server. It is fairly easy to enable cross-origin requests in […]