After disabling web security I still cannot overcome same origin policy

Question

I am using google chrome version 43.0.2357.81 on OS X and attempting to display a webpage within an iframe. ie:

I followed this link with instructions to disable web security and found it helpful for displaying local files within iframes but I am still encountering the same origin error when trying to display disparate web pages.

Disable same origin policy in Chrome

I ran the command open -a Google\ Chrome --args --disable-web-security in terminal and received the banner message confirming that it worked:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

However when I view my webpage in chrome I still got a same origin error and was unable to view the site within the iframe.

score 3 · Answer 1 · answered Dec 30 '15 at 17:24

This has nothing to do with Chrome itself; the server you call within the iframe sends back a http header with

X-Frame-Options  SAMEORIGIN

setting. Even "chrome.exe --user-data-dir=c:\tmp\chrome2 --allow-file-access-from-files --disable-web-security" does not disable the iframe same origin check in Chrome. The only option you have is to switch the X-Frame-Options of your server to

X-Frame-Options  ALLOWALL

(if you can).

After disabling web security I still cannot overcome same origin policy

1 Answers1