Close chrome (or chromium) and restart with the --disable-web-securityargument. I just tested this and verified that I can access the contents of an iframe with src="http://google.com" embedded in a page served from "localhost" (tested under chromium 5 / ubuntu). For me the exact command was:

关闭铬（或铬）并使用--disable-web-security参数重新启动。我刚刚对此进行了测试，并验证了我可以访问嵌入在“localhost”（在chromium 5 / ubuntu 下测试）提供的页面中的 src="http://google.com" 的 iframe 的内容。对我来说，确切的命令是：

Note : Kill all chrome instances before running command

注意：在运行命令之前杀死所有 chrome 实例

chromium-browser --disable-web-security --user-data-dir="[some directory here]"

The browser will warn you that "you are using an unsupported command line" when it first opens, which you can ignore.

浏览器在第一次打开时会警告您“您正在使用不受支持的命令行”，您可以忽略它。

From the chromium source:

从铬来源：

// Don't enforce the same-origin policy. (Used by people testing their sites.)
const wchar_t kDisableWebSecurity[] = L"disable-web-security";

Before Chrome 48, you could just use:

在 Chrome 48 之前，您可以使用：

chromium-browser --disable-web-security

Yep. For OSX, open Terminal and run:

是的。对于 OSX，打开终端并运行：

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir

--user-data-dir required on Chrome 49+ on OSX

--user-data-dir 在 OSX 上的 Chrome 49+ 上需要

For Linux run:

对于 Linux 运行：

$ google-chrome --disable-web-security

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.

此外，如果您出于 AJAX 或 JSON 等开发目的尝试访问本地文件，也可以使用此标志。

-–allow-file-access-from-files

For Windows go into the command prompt and go into the folder where Chrome.exe is and type

对于 Windows，进入命令提示符并进入 Chrome.exe 所在的文件夹并键入

chrome.exe --disable-web-security

That should disable the same origin policy and allow you to access local files.

这应该禁用同源策略并允许您访问本地文件。

Update:For Chrome 22+ you will be presented with an error message that says:

更新：对于 Chrome 22+，您将看到一条错误消息，内容为：

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

您正在使用不受支持的命令行标志：--disable-web-security。稳定性和安全性将受到影响。

However you can just ignore that message while developing.

但是，您可以在开发时忽略该消息。

For Windows users:

对于 Windows 用户：

The problem with the solution accepted here, in my opinion is that if you already have Chrome open and try to run this it won't work.

在我看来，这里接受的解决方案的问题是，如果您已经打开 Chrome 并尝试运行它，它将无法正常工作。

However, when researching this, I came across a post on Super User, Is it possible to run Chrome with and without web security at the same time?.

然而，在研究这个时，我发现了一篇关于超级用户的帖子，是否可以同时运行有和没有网络安全的 Chrome？.

Basically, by running the following command (or creating a shortcut with it and opening Chrome through that)

基本上，通过运行以下命令（或用它创建一个快捷方式并通过它打开 Chrome）

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

you can open a new "insecure" instance of Chrome at the same time as you keep your other "secure" browser instances open and working as normal. Important: delete/clear C:/Chrome dev sessionfolder every time when you open a window as second time --disable-web-securityis not going to work. So you cannot save your changes and then open it again as a second insecure instance of Chrome with --disable-web-security.

您可以在保持其他“安全”浏览器实例打开并正常工作的同时打开一个新的“不安全”Chrome 实例。 重要提示：C:/Chrome dev session每次打开窗口时删除/清除文件夹，因为第二次--disable-web-security将不起作用。因此，您无法保存更改，然后将其作为第二个不安全的 Chrome 实例再次打开--disable-web-security。

For Windows:

对于Windows：

1. Open the start menu
2. Type windows+Ror open "Run"

3. Execute the following command:

   chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
   

1. 打开开始菜单
2. 输入windows+R或打开“运行”

3. 执行以下命令：

   chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security
   

For Mac:

对于Mac：

1. Go to Terminal

2. Execute the following command:

   open /Applications/Google\ Chrome.app --args --user-data-dir="/var/tmp/Chrome dev session" --disable-web-security
   

1. 前往终端

2. 执行以下命令：

   open /Applications/Google\ Chrome.app --args --user-data-dir="/var/tmp/Chrome dev session" --disable-web-security
   

A new web security disabled chrome browser should open with the following message:

一个新的网络安全禁用 chrome 浏览器应该打开并显示以下消息：

For windowsusers with Chrome Versions 60.0.3112.78 (the day the solution was tested and worked) and at least until today 19.01.2019 (ver. 71.0.3578.98). You do notneed to close any chrome instance.

对于使用Chrome 版本 60.0.3112.78（解决方案经过测试和工作的那天）和至少到今天 19.01.2019（版本 71.0.3578.98）的Windows用户。你并不需要关闭任何Chrome实例。

1. Create a shortcut on your desktop
2. Right-click on the shortcut and click Properties
3. Edit the Target property
4. Set it to "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:/ChromeDevSession"
5. Start chrome and ignorethe message that says --disable-web-security is not supported!

1. 在桌面上创建快捷方式
2. 右键单击快捷方式，然后单击属性
3. 编辑目标属性
4. 将其设置为"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:/ChromeDevSession"
5. 启动 chrome 并忽略不支持 --disable-web-security 的消息！

BEWARE NOT TO USE THIS PARTICULAR BROWSER INSTANCE FOR BROWSING BECAUSE YOU CAN BE HACKED WITH IT!

请注意不要使用此特定浏览器实例进行浏览，因为它可能会被黑客入侵！

EDIT 3: Seems that the extension no longer exists...Normally to get around CORS these days I set up another version of Chrome with a separate directoryor I use Firefox with https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/instead.

编辑 3：似乎扩展不再存在......通常为了绕过 CORS，这些天我设置了另一个版本的 Chrome 和一个单独的目录，或者我使用 Firefox 和https://addons.mozilla.org/en-US/ firefox/addon/cors-everywhere/代替。

EDIT 2: I can no longer get this to work consistently.

编辑 2：我无法再让它始终如一地工作。

EDIT: I tried using the just the other day for another project and it stopped working. Uninstalling and reinstalling the extension fixed it (to reset the defaults).

编辑：我前几天尝试将它用于另一个项目，但它停止工作。卸载并重新安装扩展修复了它（重置默认值）。

Original Answer:

原答案：

I didn't want to restart Chrome and disable my web security (because I was browsing while developing) and stumbled onto this Chrome extension.

我不想重新启动 Chrome 并禁用我的网络安全（因为我在开发时正在浏览）并偶然发现了这个 Chrome 扩展程序。

Chrome Web Store Allow-Control-Allow-Origin: *
(https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en)

Chrome 网上应用店 Allow-Control-Allow-Origin：*
(https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en)

Basically it's a little toggle switch to toggle on and off the Allow-Access-Origin-Control check. Works perfectly for me for what I'm doing.

基本上它是一个小切换开关，用于打开和关闭 Allow-Access-Origin-Control 检查。非常适合我正在做的事情。

Seems none of above solutions are actually working. The --disable-web-securityis no longer supported in recent chrome versions.

似乎上述解决方案都没有实际工作。本-禁用网络安全是近年来铬版本不再支持。

Allow-Control-Allow-Origin: * - chrome extensionpartially solved the problem. It works only if your request is using GET method and there's no custom HTTP Header. Otherwise, chrome will send OPTIONS HTTP request as a pre-flight request. If the server doesn't support CORS, it will respond with 404 HTTP status code. The plugin can't modify the response HTTP status code. So chrome will reject this request. There's no way for chrome plugin to modify the response HTTP status code based on current chrome extension API. And you can't do a redirect as well for XHR initiated request.

Allow-Control-Allow-Origin: * - chrome 扩展部分解决了这个问题。它仅在您的请求使用 GET 方法并且没有自定义 HTTP 标头时才有效。否则，chrome 将发送 OPTIONS HTTP 请求作为飞行前请求。如果服务器不支持 CORS，它将以 404 HTTP 状态代码响应。该插件无法修改响应 HTTP 状态代码。所以chrome会拒绝这个请求。chrome 插件无法根据当前的 chrome 扩展 API 修改响应 HTTP 状态代码。而且您也不能对 XHR 发起的请求进行重定向。

Not sure why Chrome makes developers life so difficult. It blocks all the possible ways to disable XSS security check even for development use which is totally unnecessary.

不知道为什么 Chrome 会让开发者的生活变得如此艰难。它阻止了所有可能的禁用 XSS 安全检查的方法，即使是完全没有必要的开发用途。

After days struggle and research, one solution works perfectly for me: to use corsproxy. You have two options here: 1. use [https://cors-anywhere.herokuapp.com/]2. install corsproxy in the local box: npm install -g corsproxy

经过几天的努力和研究，一种解决方案对我来说非常有效：使用corsproxy。您在这里有两个选择：1. 使用 [ https://cors-anywhere.herokuapp.com/]2. 在本地框中安装 corsproxy：npm install -g corsproxy

[Updated on Jun 23, 2018]Recent I'm developing an SPA app which need to use corsproxy again. But seem none of the corsproxy on the github can meet my requirement.

[2018 年 6 月 23 日更新]最近我正在开发一个需要再次使用 corsproxy 的 SPA 应用程序。但是似乎github上的corsproxy都不能满足我的要求。

• need it to run inside firewall for security reason. So I can't use https://cors-anywhere.herokuapp.com/.
• It has to support https as chrome will block no-https ajax request in an https page.
• I need to run on nodejs. I don't want to maintain another language stack.

• 出于安全原因需要它在防火墙内运行。所以我不能使用https://cors-anywhere.herokuapp.com/。
• 它必须支持 https，因为 chrome 会阻止 https 页面中的 no-https ajax 请求。
• 我需要在 nodejs 上运行。我不想维护另一种语言堆栈。

So I decide to develop my own version of corsproxy with nodejs. It's actually very simple. I have published it as a gist on the github. Here is the source code gist: https://gist.github.com/jianwu/8e76eaec95d9b1300c59596fbfc21b10

所以我决定用 nodejs 开发我自己的 corsproxy 版本。其实很简单。我已将其作为要点发布在 github 上。这是源代码要点：https: //gist.github.com/jianwu/8e76eaec95d9b1300c59596fbfc21b10

• It's in plain nodejs code without any additional dependencies
• You can run in http and https mode (by passing the https port number in command line), to run https, you need to generate cert and key and put them in the webroot directory.
• It also serves as static file server
• It supports pre-flight OPTION request as well.

• 它是普通的 nodejs 代码，没有任何额外的依赖
• 可以在http和https模式下运行（通过命令行传递https端口号），运行https需要生成cert和key放在webroot目录下。
• 它还充当静态文件服务器
• 它还支持飞行前 OPTION 请求。

To start the CORSProxy server (http port 8080): node static_server.js 8080

启动 CORSProxy 服务器（http 端口 8080）： node static_server.js 8080

to access the proxy: http://host:8080/http://www.somesite.com

访问代理： http://host:8080/http://www.somesite.com

For Windows... create a Chrome shortcut on your desktop.
Right-click > properties > Shortcut
Edit "target" path :

对于 Windows... 在桌面上创建一个 Chrome 快捷方式。
右键单击 > 属性 > 快捷方式
编辑“目标”路径：

"C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security

(Change the 'C:....\chrome.exe' to where ever your chrome is located).

（将 'C:....\chrome.exe' 更改为您的 chrome 所在的位置）。

et voilà :)

等等 :)

Try this command on Mac terminal-

在 Mac 终端上试试这个命令——

open -n -a "Google Chrome" --args --user-data-dir=/tmp/temp_chrome_user_data_dir http://localhost:8100/ --disable-web-security 

It opens another instance of chrome with disabled security and there is no CORS issue anymore. Also, you don't need to close other chrome instances anymore. Change localhost URL to your's one.

它打开另一个具有禁用安全性的 chrome 实例，并且不再有 CORS 问题。此外，您不再需要关闭其他 chrome 实例。将 localhost URL 更改为您的 URL。

I find the best way to do this is duplicate a Chrome or Chrome Canary shortcut on your windows desktop. Rename this shortcut to "NO CORS" then edit the properties of that shortcut.

我发现最好的方法是在 Windows 桌面上复制 Chrome 或 Chrome Canary 快捷方式。将此快捷方式重命名为“NO CORS”，然后编辑该快捷方式的属性。

in the target add --disable-web-security --user-data-dir="D:/Chrome"to the end of the target path.

在目标中添加--disable-web-security --user-data-dir="D:/Chrome"到目标路径的末尾。

your target should look something like this:

你的目标应该是这样的：

Update:New Flags added.

更新：添加了新标志。

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="D:/Chrome"