Disabling same-origin policy in Safari

Question

For development purposes, I need to disable the same-origin policy in Safari (on Windows) on my machine.

In Chrome, this can be done by launching with the flag --disable-web-security. Is there an equivalent flag or hidden setting in Safari?

score 79 · Answer 1 · answered Jul 06 '16 at 15:45

79

If you want to disable the same-origin policy on Safari (I have 9.1.1), then you only need to enable the developer menu, and select "Disable Cross-Origin Restrictions" from the develop menu.

answered Jul 06 '16 at 15:45

ttemple

1,200
1
11
11

4

This is the correct answer. You must to reload the webpage. – TlmaK0 Dec 23 '16 at 15:12
18

For Germans: "Ursprungsübergreifende Beschränkungen deaktivieren" – Alexander K. J. Schmidt Jul 06 '17 at 08:13
3

Does not work. In Safari 11.0.3 i Disable Cross-origin restrictions and still same. – Feb 09 '18 at 12:35
Works like a charm! – levelone May 04 '18 at 02:04
This works for me with Safari 12.0.3. I also had to clear the cache (with Shortcut or in developer menu --> Empty Caches) + reload the webpage as from @TlmaK0 suggested. – Mario Kurzweil Feb 18 '19 at 14:10
I don't see how this is a "solution" when a huge percentage of the browser market is broken by AAPL. You can't expect millions of people to disable their security policy after reading StackOverflow. Frankly, this breaks 3rd party integrations and I might have to flush weeks of work down the toilet (and lots of troubleshooting between three companies) because of this. – PJ Brunet Oct 21 '19 at 19:19

skymook · Answer 2 · 2018-07-20T12:09:39.397

36

Later versions of Safari allow you to Disable Cross-Origin Restrictions. Just enable the developer menu from Preferences >> Advanced, and select "Disable Cross-Origin Restrictions" from the develop menu.

If you want local only, then you only need to enable the developer menu, and select "Disable local file restrictions" from the develop menu.

edited Jul 20 '18 at 12:09

answered Aug 28 '12 at 11:23

skymook

2,777
27
34

This menu item doesn't exist. I've checked Safari 6.0 and 6.0.2 on Mac OS X Lion, but as you can see [in this screenshot](http://i.stack.imgur.com/iu0sH.png), there's not such an option called "Disable local file restrictions". [Apple's KB article](http://support.apple.com/kb/HT5364) (last edited 16 nov 2012) mentions this feature, but still, it does not exist. – Rob W Jan 12 '13 at 22:47
6

This menu item is in the Develop menu which needs to be enabled in preferences under Advanced "Show Develop menu in menu bar". But it doesn't seem to avoid the the cors issue. – Pyrolistical Feb 06 '13 at 22:38
Rob W: Down vote? I did say that you "need to enable the developer menu", and then you can select "Disable local file restrictions". – skymook Mar 31 '13 at 15:12
1

I'm running Safari 7 on Mavericks. Happy to say this still works. – noamtm May 06 '14 at 18:31
43

The same origin policy and local file restrictions are not the same thing, this answer does not answer the question correctly. – Andrew Plummer May 07 '14 at 02:29
1

you can turn off local file restrictions, but for testing cross-browser stuff with same-origin policy problems use firefox or chrome. For chrome and OS X see here: http://stackoverflow.com/a/6083677/2526914 – Kjell May 09 '14 at 14:43
Please down vote this answer. This does not answer the question. – ninjaneer Jul 08 '15 at 20:07
2

This answer seems to be helping some people with running local files. It won't help with CORS however. Rather than down voting, may I suggest you provide a solution that people can upvote? – skymook Jul 09 '15 at 20:00
1

I want to disable web security for safari in mac osx is it possible – RaviPatidar Aug 12 '15 at 12:01

score 5 · Answer 3 · answered Sep 18 '14 at 21:19

Unfortunately, there is no equivalent for Safari and the argument --disable-web-security doesn't work with Safari.

If you have access to the server side application, you can modify the https response headers to allow access. Mainly the Access-Control-Allow-Origin header. Modifying it will allow Safari to access the resource. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin for more information on the response headers that will help.

Can confirm that sadly Safari has no command line arguments. https://discussions.apple.com/thread/8044532 — Max MacLeod, Feb 12 '20 at 09:47

score 4 · Answer 4 · answered Apr 06 '18 at 19:14

4

goto,

Safari -> Preferences -> Advanced

then at the bottom tick Show Develop Menu in menu bar

then in the Develop Menu tick Disable Cross-Origin Restrictions

answered Apr 06 '18 at 19:14

Pramodya Abeysinghe

552
8
9

2

It works with desktop safari but how to switch this option on mobile device? – kolonitsky Aug 01 '19 at 12:12
not sure whether we have same option on mobile Safari. But Settings -> Safari -> Advanced you may find something – Pramodya Abeysinghe Aug 03 '19 at 17:44

score 2 · Answer 5 · answered Mar 13 '16 at 04:56

2

There is an option to disable cross-origin restrictions in Safari 9, different from local file restrictions as mentioned above.

answered Mar 13 '16 at 04:56

Gofake1

33
5

score 0 · Answer 6 · answered Jan 20 '21 at 03:02

Most of these answers are old. The latest Safari 14.0.2 (in 2021), has the option to Disable Cross-Origin Restrictions, however, it doesn't work if the paths have ../../ kind of path names; even though Safari correctly resolves to a local file path, it still doesn't permit loading the file, even though it exists. This is a recent bug in Safari 14 that didn't happen in 13.

Disabling same-origin policy in Safari

6 Answers6

Linked