I mean I know I can check it in chrome dev tools for example but I would like to know how can I do it without browser.
I assume you want to check from your operating system. You can install one of the apps below to check the network requests from your computer.
fiddler
wireshark
See this answer for more info.
The Chrome devtools records network requests by hooking into the Chrome implementation.
You're looking for Chrome's new headless mode, which will run Chrome on a server with no UI and let you control and monitor it directly.
I've set up a central WebApi site that will provide general CRUD capability for various sites across our domain. I've configured the whole shebang to utilize CORS with the standard jquery ajax httprequest or, in the case of older IE versions, XDomainRequest. So far, everything checks out, it works splendidly. My problem is that I can't seem to find a machine with IE8 in order to complete user agent testing. The site works wonderfully when I go into the developer tools on IE 11 and set it to emulate IE8 but I'm not ready to pop the champagne cork just yet.
My question is: will the developer tools' IE8 mode fully emulate that browser's behavior, down to the way it handles cross domain requests or do I need to either find a user with IE8 and have them test it or spin up a VM with it?
You can download a virtual machine with IE8 from Microsoft's modern.ie site at http://dev.modern.ie/tools/vms/ and test your site with that.
Firefox and Internet Explorer both have settings where a user may enable forbidden cross-domain calls.
Is there a similar setting or option in Safari and/or Chrome?
Not sure about safari, but Chrome has a command line switch for this:
chrome.exe --disable-web-security
You can view a full list (as of when it was posted!) of command line options for chrome here.
I'm wondering, in IE & Firefox you're able to setup the browser, to allow
cross-domain calls.
I can't find any option in chrome for that (actually, there are in general not too much options at all...)
are there any about:config like things?
Kind Regards
--Andy
This answer was correct when written, but is longer correct, the switch has been deprecated
Chrome has a command line switch for this:
chrome.exe --disable-web-security
You can view a full list (as of when it was posted!) of command line options for chrome here.
No. Sorry.
Chrome and Firefox, however do support cross-domain requests via the W3C CORS spec (Cross Origin resource sharing) however the remote host has to enable it. If the remote host supports it explicitly then you don't have to make any changes to your XMLHttpRequest to be able to fetch the content.
You can install chrome plugins which enable cross-origin resource sharing .
I use this .
I want to develop JavaScript on my Windows machine. Do you know a browser where I can turn off Same Origin Policy so I can develop locally? Firefox would be optimal.
Or if you know a proxy I could use for a SOAP/WSDL site it would be great too.
I am trying to work with the JavaSCript SOAP Client.
UPDATE 6/2012: This used to work at the time of the writing, but obviously no more. Sorry.
In Firefox (might apply to other Gecko-based browsers as well) you can use the following JavaScript snippet to allow cross-domain calls:
if (navigator.userAgent.indexOf("Firefox") != -1) {
try {
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
}
catch (e) {
alert("Permission UniversalBrowserRead denied -- not running Mozilla?");
}
}
It looks like there's an issue created in the Chromium issue tracker for achieving the same functionality, so you could try starting Chrome with the argument --disable-web-security. I don't know which builds this works on exactly, but at least Nokia's WRT Tools comes with a Chrome installation that does in fact allow loading content from other sites.
Unfortunately, using the following:
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
has been disabled in Firefox 5.
https://bugzilla.mozilla.org/show_bug.cgi?id=667312
Make a page on your local server that calls the remote server and answer the same as the remote server.
Example, javascript calls local server for a JSON. The local server makes the call to the remote server for that JSON. The local server receives the JSON from the remote server and send it to the javascript.
Using the Chromium 13.07, you can start it with security disabled:
/usr/bin/chromium-browser --disable-web-security
That's on Ubuntu 11, but change the location as your system.
All of the given answers are good ones when it comes to getting around the same origin policy in production.
For development, there is no convenient way to "disable" this security check. There are workarounds (see other answers) or hacks (you could use Greasemonkey to wrap up the JavaScript and use their GM_xmlhttprequest as a temporary measure), but no way to actually "turn it off" as you describe.
i run this command on mac, it works on me when i use google chrome to run my project.
open -a Google\ Chrome --args --disable-web-security --user-data-dir
I have no real experience with this, but FireFox 3.5 allows Cross-Site JS according to the W3C Cross-Origin Resource Sharing Draft.
See: https://developer.mozilla.org/En/HTTP_access_control
Firefox would be optimal.
If you can live with Internet Explorer, you may be able to use an .hta application
http://msdn.microsoft.com/en-us/library/ms536496(VS.85).aspx
(This is one of the ways the Selenium test automation tool deals with the issue)
In Chrome (& Chromium) 48 and above you should add the flag --user-data-dir like this:
chromium-browser --disable-web-security --user-data-dir
And it works.
You can also redirect a local port to the remote server and port via ssh.