Chrome web security can be pretty valuable to the end-user as it protects you from hackers or other applications that might aim to compromise your system security and privacy. Unfortunately, it can also get annoying, especially for web development or penetration testing. Let’s say you are trying an API request from a website that is not listed as among the sites that can access the API. You will see a CORS (Cross-Origin Resource Sharing) warning in the web console stating, “Access to that particular resource from your origin is blocked by CORS policy.”
Disabling Chrome Web Security flags
If you have worked with Linux, Windows, or macOS and come across this issue, you know that there are different solutions that you can use, most of which involve executing some commands on the Terminal or command prompt. Let’s look at these commands as they will guide us on how to disable Chrome web security on a Chromebook.
Disabling Chrome Web Security on Linux
You can use the command below to start the Google Chrome browser with the web security flag disabled on Linux systems.
google-chrome --user-data-dir=”/var/tmp/Chrome” --disable-web-security
Disabling Chrome Web Security on macOS
Using OSX, use the command below to start Chrome with the Web security flag disabled.
open -a Google\ Chrome --args --disable-web-security --user-data-dir
Disabling Chrome Web Security on Windows
For Windows, it’s a little complicated. First, use the
cd command to navigate the Google Chrome folder inside the ‘Program Files.’ Now run the Chrome executable with the ‘disable web security’ flag below.
In some of the commands above, we have added a
--user-data-dir flag. Since the Chrome 80 release, you will need to specify a value for the
--user-data-dir flag when disabling web security. If not, you will encounter the error “Web security may only be disabled if ‘–user-dat-dir’ is also specified with a non-default value.”
Can you Disable Web Security on a Chromebook?
The Chrome OS is designed and built with security in mind. Unfortunately, that has some negative impacts, and one of them is the inability of users to disable the Web security flag. You can quickly execute a command to launch Chrome with web security disabled with other operating systems like Linux, Windows, and macOS. However, there is no feature to open an app from the console on Chrome OS.
Therefore, the bottom line is that it’s not possible to disable web security on Chrome OS. But there is another method that we can use to achieve what we want.
Nowadays, Chromebooks include support for Linux that allows you to run Linux apps on your Chromebook without any issues. To achieve that, Chrome OS creates a Debian virtual machine in the background allowing you to install Linux apps and access them from the applications menu just like you would with other system apps. You will also access the Linux terminal, where you can run commands like you would on a Debian-based distribution. This sounds much better as it gives you some additional powers over your system. Right?
We will use the simple logic below.
- Enable Linux on our Chromebook
- Install Google Chrome browser inside Linux
- Launch Chrome from the Linux Terminal with the ‘web security flag’ disabled.
Let’s get started.
Step 1. Enable Linux on Your System
If you haven’t done this before, please check out our master guide post, “How to install and configure Linux Apps on Chrome OS,” which will give you a step-by-step guide on enabling Linux on your Chromebook.
Step 2. Install Google Chrome on Linux
After enabling Linux on your Chromebook, you will get access to a terminal where you can execute Linux commands like you would on a normal Linux distribution. To install Chrome, let’s first download the Chrome DEB file using the command below.
When done, make the file executable using the command below.
sudo chmod +x file-name.deb
sudo chmod +x google-chrome-stable_current_amd64.deb
When done, install the application using the command below.
sudo apt install ./google-chrome-stable_current_amd64.deb
Step 3. Launch Chrome with Web Security Disabled
After successfully installing Google Chrome on our Chromebook, we can now start the browser with web security disabled using the command below.
google-chrome –user-data-dir=”/var/tmp/Chrome” –disable-web-security
Tip: Please don’t confuse the native Chrome browser pre-installed on Chrome OS with the Chrome browser we launched from our Linux container. I use a simple trick to let one browser run in full-window mode while the other is not.
You would see the Chrome window open if everything went well, as shown below.
You will see a warning at the top of the window that will notify you that you are running Chrome without the web security flag. “You are using an unsupported command-line flag: -disable-web-security. Stability and security will suffer.” That’s it! You have successfully disabled the Chrome web security flag on your Chromebook. Feel free to play with your APIs without any CORS policy issues.
I hope this article helped you run Chrome without the web security flag on your Chromebook. Are there any tips or tricks you want to share with our readers? Or did you encounter any errors along the way? Please don’t hesitate to let us know in the comments below.