Javascript Apps, APIs, AJAX and CORS

If you are developing Javascript applications that make AJAX calls directly to an API that you don’t control, you will probably experiment issues with CORS. If you take a look to your console, the following message will appear:

XMLHttpRequest cannot load http://foo/bar. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:8100’ is therefore not allowed access.

How to fix it, easy, developing with Chrome, just install the extension “Allow-Control-Allow-Origin: *” and you will be able to disable the CORS protection in any Chrome tab. Done. Working. Enjoy.

UPDATE: You can also run Chrome with a parameter to disallow all the security checks. For OSX, open Terminal and run: “open -a Google\ Chrome –args –disable-web-security”