Cross-origin AJAX Requests on Localhost with Chrome
By default, Chrome does not allow cross origin requests via AJAX from your localhost for a variety of security reasons. This is great, but we developers need to test AJAX locally.
Bash
open -a Google\ Chrome --args --disable-web-securityShutdown Chrome, then run the above command in terminal. This will restart the browser without the web security settings blocking AJAX requests across origin. You should now be able to make requests with AJAX for things like json from external APIs. Once you are done testing, just restart Chrome to open it with the default settings again.
Comments (4)
Leave a Reply
This is also useful if you want to test AJAX requests like routes in AngularJS within a PhoneGap app. Because your phone does not have a server running it’s requests will inherently be called from local files and consider a breach of security.
This was a major revelation in my early development with PhoneGap + AngularJS (or any other local AJAX requests for that matter), especially when you’re testing it with a local server instance and then do the build to the phone and find it not work. Debugging blank screens with little in the logs is a nightmare.
Link to commentGreat observation Sam! I’d love to see more of that Angular/Phonegap app. Any chance you can run me through the code?
Link to commentHey Rob, this is Ryan from lunch a couple days ago… Have you had to use cross domain AJAX requests in production? Did you use CORS to do it? Just curious, because we did recently and ended up using a proxy on the same domain instead to get around incompatibilities.
Link to commentWhat kind of incompatibilities Ryan? Issues with IE 8 or 9?
Link to comment