After disabling web security, I still cannot overcome the same origin policy
I am using google chrome version 43.0.2357.81 on OS X and am trying to display a webpage in an iframe. i.e:
I followed this link for instructions on disabling internet security and found it helpful to display local files in an iframe, but I still run into the same source code error when trying to display scattered web pages.
Disable Same Origin Policy in Chrome
I ran the command open -a Google \ Chrome --args --disable-web-security in a terminal and got a banner message confirming that it worked:
You are using an unsupported command line flag: --disable-web-security. Stability and security will suffer.
However, when I view my webpage in chrome, I still get the same origin error and was unable to view the site in an iframe.
source to share
This has nothing to do with Chrome itself; the server you call in the iframe sends back the http header with
X-Frame-Options SAMEORIGIN
Customization. Even "chrome.exe --user-data-dir = c: \ tmp \ chrome2 --allow-file-access-from-files --disable-web-security" does not disable checking for the same iframe origin in Chrome. The only option you have is to switch your server's X-Frame-Options to
X-Frame-Options ALLOWALL
(if you can).
source to share