CORS options

Brass Contributor

I'm a developer and I'm often annoyed with same origin policy. I would love to have a switch to disable CORS when working with localhost or the intranet.

 

One of the most annoyed thing in Chrome is having a CORS error message for something not related to CORS.

 

What is your plans regading CORS on the new Edge ?

 

That beeing said, I just looked at the flags in about:flags and found "Out of blink CORS". I found some reference on the internet but I can't figure out the purpose of this flag. Someone knows?

 

Thanks.

 

 

 

1 Reply
Generally speaking, CORS policies are based on web standards and should be identical across browsers. As a consequence, Edge behavior can be expected to match Chrome's.

If you are seeing an incorrect message, please provide repro steps and we will investigate.

The Out-of-Blink-CORS flag should have no visible impact on anything. What it does is move CORS checks out of the (potentially compromised Renderer process) to a more trustworthy process, thus providing higher protection against cross-origin data theft.

There exists a command line switch which disables web security (including CORS) but I'd advise against using it, as it is unsafe and it will hide bugs.