Chrome Extension Same Origin Policy – How to Disable Same Origin Policy in Chrome Extension

google-chromegoogle-chrome-extensionsame-origin-policy

Maybe are there some settings to disable this in extension context. Since I'm developing an extension it should be my own responsibility to not shoot my own goal. It is very frustrating to fiddle with this security thing that is totally out of reason when developing browser extensions.

I don't want to make whole browser insecure by disabling it globally. just for the scripts that are set in "content_scripts" section in manifest.json

Best Answer

Your manifest.json file should have the domain you're looking to use in the permissions:

"permissions": [
    "http://*.domain.com/"
]

Related Solutions

Disable Same Origin Policy in Chrome – How to Disable

Close chrome (or chromium) and restart with the --disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src="http://google.com" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

Note : Kill all chrome instances before running command

chromium-browser --disable-web-security --user-data-dir="[some directory here]"

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

From the chromium source:

// Don't enforce the same-origin policy. (Used by people testing their sites.)
const wchar_t kDisableWebSecurity[] = L"disable-web-security";

Before Chrome 48, you could just use:

chromium-browser --disable-web-security

Best Answer

Related Solutions

Disable Same Origin Policy in Chrome – How to Disable

Related Question