After disabling web security, I still cannot overcome the same origin policy

Question

After disabling web security, I still cannot overcome the same origin policy

I am using google chrome version 43.0.2357.81 on OS X and am trying to display a webpage in an iframe. i.e:

I followed this link for instructions on disabling internet security and found it helpful to display local files in an iframe, but I still run into the same source code error when trying to display scattered web pages.

Disable Same Origin Policy in Chrome

I ran the command open -a Google \ Chrome --args --disable-web-security in a terminal and got a banner message confirming that it worked:

You are using an unsupported command line flag: --disable-web-security. Stability and security will suffer.

However, when I view my webpage in chrome, I still get the same origin error and was unable to view the site in an iframe.

+4

html google-chrome iframe

Joseph D. Goelz 02 jul. 15 at 19:13

source to share

1 answer

Tom · Answer 1 · 2015-12-30T17:24:17+0000

This has nothing to do with Chrome itself; the server you call in the iframe sends back the http header with

X-Frame-Options  SAMEORIGIN

Customization. Even "chrome.exe --user-data-dir = c: \ tmp \ chrome2 --allow-file-access-from-files --disable-web-security" does not disable checking for the same iframe origin in Chrome. The only option you have is to switch your server's X-Frame-Options to

X-Frame-Options  ALLOWALL

(if you can).

After disabling web security, I still cannot overcome the same origin policy

More articles: