147

When trying to do a HTTP request using XMLHttpRequest from a local file, it basically fails due to Access-Control-Allow-Origin violation.

However, I'm using the local web page myself, so I was wondering if there is any way to make Google Chrome allow these requests, which are from a local file to a URL on the Internet.

E.g., $.get('http://www.google.com/') fails when executing in a local file, but I've scripted the page myself and I'm using it myself, so it would be extremely useful if I could suppress it and load the URL.

So, how can I allow Google Chrome to load URLs using XMLHttpRequest from local files?

Improve this question
4
  • 1
    Access-Control-Allow-Origin: null by the website works. (ofc. not by google.com) Commented May 27, 2014 at 18:29
  • 3
    @JessamynSmith: The order of answers changes, and the accepted answer may also change, so it's better to link to an answer than saying anything like 'the answer below the accepted answer'. Use the URL that the answer's 'share' link leads to. Commented May 1, 2015 at 2:33
  • 2
    @MichaelScheper Your comment is somewhat irrelevant given that I pasted in the actual command that worked. However, in case there is value in including the link, I deleted and resposted. In modern Chrome, errors look like: XMLHttpRequest cannot load file:///path/to/file/css/base.css. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource. This answer stackoverflow.com/a/4819114/1649165 worked for me, i.e. run chrome from the command line: chrome --allow-file-access-from-files Commented May 1, 2015 at 3:10
  • @JessamynSmith: Sorry you thought my advice was irrelevant. Since you thought a particular answer was relevant, I thought you might like to future-proof your comment. My mistake. Commented May 1, 2015 at 6:05

4 Answers 4

Reset to default
269

Using --disable-web-security switch is quite dangerous! Why disable security at all while you can just allow XMLHttpRequest to access files from other files using --allow-file-access-from-files switch?

Before using these commands be sure to end all running instances of Chrome.

On Windows:

chrome.exe --allow-file-access-from-files

On Mac:

open /Applications/Google\ Chrome.app/ --args --allow-file-access-from-files

Discussions of this "feature" of Chrome:

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

Is it possible to make this the default behavior without having to open a terminal/command line or a custom shortcut every time?
@Kokodoko I think no.
@JoshH I completely agree that it's much better to use local web server for web site development then accessing local files directly by the browser. However the exact question was asked and I've just answered it.
In case someone else is going to try this: this flag is not available/modifyable in chrome://flags
Is it safe to browse internet using this instance? In my case, when I opened the same local file in Iceweasel, there was no error. They don't have the same security check as Chrome does? So I'm guessing it's still okay to surf the web in this browser instance.
|
50

startup chrome with --disable-web-security

On Windows:

chrome.exe --disable-web-security

On Mac:

open /Applications/Google\ Chrome.app/ --args --disable-web-security

This will allow for cross-domain requests.
I'm not aware of if this also works for local files, but let us know !

And mention, this does exactly what you expect, it disables the web security, so be careful with it.

Improve this answer

9 Comments

You can also use Safari on a Mac. It allows AJAX to local files by default when the request is made from a local file. Also, about '.exe', nothing in the Q is said about Windows. Pim is a Windows dev, but still, nothing said about Windows.
Yes I'm on Windows, sorry about that. Will try this out now, thanks. By the way, I'm running Chrome always when my computer is on, so is there a way to only allow cross domain request with local files or only in a specific tab? Because this way, I actually cannot browse the Internet safely at the same time...
I just downloaded the latest Chromium build so as to have a standalone, unsafe version running for testing, and the 'real', installed Chrome for safe Internet browsing. And it does work, thanks!
@Tom - you should be able to do this on Mac with Safari, without any setting changes, as long as you use the "file:///" protocol and not "localhost"
I tried it on Safari 10.1 and it gave me: XMLHttpRequest cannot load file:///<my_local_file>. Cross origin requests are only supported for HTTP. so the statement about Safari browser from this thread is no longer valid.
|
22

Mac version. From terminal run:

open /Applications/Google\ Chrome.app/ --args --allow-file-access-from-files
Improve this answer

3 Comments

it would be nice to have a more permanent solution. This one assumes the user knows in advance and also requires a relaunch of chrome.
This doesn't seem to work any longer in current versions of Chrome.
FWIW it works for me with Chrome 106.0.5249.91 on macOS 12.6 (21G115)
3

On Ubuntu:

chromium-browser --disable-web-security

For more details/switches:

http://peter.sh/experiments/chromium-command-line-switches/

Referenced from

Improve this answer

2 Comments

I think specifying files will be safer ` google-chrome --allow-file-access-from-files ~/foo `
This is a bit broad for the specific use case. But props for a solution regardless

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.