Forum Discussion
CORS options
I'm a developer and I'm often annoyed with same origin policy. I would love to have a switch to disable CORS when working with localhost or the intranet.
One of the most annoyed thing in Chrome is having a CORS error message for something not related to CORS.
What is your plans regading CORS on the new Edge ?
That beeing said, I just looked at the flags in about:flags and found "Out of blink CORS". I found some reference on the internet but I can't figure out the purpose of this flag. Someone knows?
Thanks.
- Eric_Lawrence
Microsoft
Generally speaking, CORS policies are based on web standards and should be identical across browsers. As a consequence, Edge behavior can be expected to match Chrome's.
If you are seeing an incorrect message, please provide repro steps and we will investigate.
The Out-of-Blink-CORS flag should have no visible impact on anything. What it does is move CORS checks out of the (potentially compromised Renderer process) to a more trustworthy process, thus providing higher protection against cross-origin data theft.
There exists a command line switch which disables web security (including CORS) but I'd advise against using it, as it is unsafe and it will hide bugs.
