Working with Access-Control-Allow-Origin

When developing Ajax applications on local machine you may face this error on almost all browsers that cross referring a link from other domain is not allowed. This is mentioned as the “Access-Control-Allow-Origin” on Google Chrome. To work around this issue, temporarily – yes temporarily as this may make your system unsafe – you need to run Chrome with following argument – “–disable-web-security”.

On Linux you can use the following command to sun Google Chrome with web security disabled –

/usr/bin/google-chrome --disable-web-security

On Windows machine you can create a shortcut to Google Chrome and add the above mentioned flag in the command line.

Please remember that do not use your browser for browsing non-trusted sites in this mode. Only use this for testing and development purpose only. This is for your security only.

Update: If you have access to the file server which you are accessing from a different server, then you can use “.htaccess” directive also to allow access from a domain or all domains.

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"

Suppose you are accessing file “xyz” hosted on server “One” from server “Two” then you need to add the .htaccess directive in the directory of the server “One” to which you want to allow remote access.

To restrict the access from specific domains only you can specify the domain name(s) in place of “*” separated with comma like –,

One Comment

  1. If you want to use cookie in request then you don’t use Access-Control-Allow-Origin ‘*’ because Access-Control-Allow-Credentials true doesn’t work with wildcard in Origin and you need to precisely specify Origin.

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill in the missing value below: * Time limit is exhausted. Please reload the CAPTCHA.