We did notice today an issue in automatic detection of zip code based on the user s location. I is not working in Chrome but when i open the url in Chrome it didn't work. We had to configure the sites to https and then it works ok.
Example : https://where-am-i.live works well with SSL certificate but without https it is not working in Chrome.
https://developer.mozilla.org/en-US/docs/Web/API/Geolocation_API
This feature is available only in secure contexts (HTTPS), in some or
all supporting browsers.
I'm pretty aware of this warning that being shown when attempting to ask permission of using the Mic on non HTTPS origins using chrome.
getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
So my question is there a way to test, demo, sandbox, etc this feature of HTML5 in chrome without having to buy/install/configure or create a ssl certificate ?
I read something on SO about localhost being treated as a secure origin over http (just tested this with chrome 48 and it's not working).
Is there a way to use IP's (e.g : 192.168.1.2) instead of example.com when using this chrome flag ?
--unsafely-treat-insecure-origin-as-secure="example.com"
I was hoping google chrome socket connections from a chrome extension would go through the proxy settings of the browser but it does not seem to be the case.
Any idea of how could I automagically connect to a server and let chrome bothering with the proxy ?
Currently you can't, but we expect that this will be possible using a network proxy API when the bug http://crbug.com/172285 gets implemented.
If you want, star the issue to follow the development.
I'm wondering, in IE & Firefox you're able to setup the browser, to allow
cross-domain calls.
I can't find any option in chrome for that (actually, there are in general not too much options at all...)
are there any about:config like things?
Kind Regards
--Andy
This answer was correct when written, but is longer correct, the switch has been deprecated
Chrome has a command line switch for this:
chrome.exe --disable-web-security
You can view a full list (as of when it was posted!) of command line options for chrome here.
No. Sorry.
Chrome and Firefox, however do support cross-domain requests via the W3C CORS spec (Cross Origin resource sharing) however the remote host has to enable it. If the remote host supports it explicitly then you don't have to make any changes to your XMLHttpRequest to be able to fetch the content.
You can install chrome plugins which enable cross-origin resource sharing .
I use this .
I want to develop JavaScript on my Windows machine. Do you know a browser where I can turn off Same Origin Policy so I can develop locally? Firefox would be optimal.
Or if you know a proxy I could use for a SOAP/WSDL site it would be great too.
I am trying to work with the JavaSCript SOAP Client.
UPDATE 6/2012: This used to work at the time of the writing, but obviously no more. Sorry.
In Firefox (might apply to other Gecko-based browsers as well) you can use the following JavaScript snippet to allow cross-domain calls:
if (navigator.userAgent.indexOf("Firefox") != -1) {
try {
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
}
catch (e) {
alert("Permission UniversalBrowserRead denied -- not running Mozilla?");
}
}
It looks like there's an issue created in the Chromium issue tracker for achieving the same functionality, so you could try starting Chrome with the argument --disable-web-security. I don't know which builds this works on exactly, but at least Nokia's WRT Tools comes with a Chrome installation that does in fact allow loading content from other sites.
Unfortunately, using the following:
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
has been disabled in Firefox 5.
https://bugzilla.mozilla.org/show_bug.cgi?id=667312
Make a page on your local server that calls the remote server and answer the same as the remote server.
Example, javascript calls local server for a JSON. The local server makes the call to the remote server for that JSON. The local server receives the JSON from the remote server and send it to the javascript.
Using the Chromium 13.07, you can start it with security disabled:
/usr/bin/chromium-browser --disable-web-security
That's on Ubuntu 11, but change the location as your system.
All of the given answers are good ones when it comes to getting around the same origin policy in production.
For development, there is no convenient way to "disable" this security check. There are workarounds (see other answers) or hacks (you could use Greasemonkey to wrap up the JavaScript and use their GM_xmlhttprequest as a temporary measure), but no way to actually "turn it off" as you describe.
i run this command on mac, it works on me when i use google chrome to run my project.
open -a Google\ Chrome --args --disable-web-security --user-data-dir
I have no real experience with this, but FireFox 3.5 allows Cross-Site JS according to the W3C Cross-Origin Resource Sharing Draft.
See: https://developer.mozilla.org/En/HTTP_access_control
Firefox would be optimal.
If you can live with Internet Explorer, you may be able to use an .hta application
http://msdn.microsoft.com/en-us/library/ms536496(VS.85).aspx
(This is one of the ways the Selenium test automation tool deals with the issue)
In Chrome (& Chromium) 48 and above you should add the flag --user-data-dir like this:
chromium-browser --disable-web-security --user-data-dir
And it works.
You can also redirect a local port to the remote server and port via ssh.