Hacker News
by chinhodado 2123 days ago
What drives me nuts with CORS is there's no (easy) way to disable it in the browser for development purposes, e.g. when I want to run some scripts in a local HTML file to do some basic web scraping.
4 comments

I think the --disable-web-security flag should work for you if you're using Chrome or Chromium: https://stackoverflow.com/questions/3102819/disable-same-ori...
Safari has an option to disable CORS in the "Develop" menu.
I was interested to learn about 'no-cors' where you get a sparse response. Was hoping to use it to find out if a web page was being accessed from a client's internal network or not (by trying to get a page that only existed there and inspecting the response).

In the end I didn't get to find out if it worked or not due to boring reasons.

just use this https://cors-anywhere.herokuapp.com/

or just set all your cors headers to * on your server

* is blocked by most browsers to avoid lazy developers putting their site wide open to abuse.
At least Chrome and Firefox don't block it. I've recently used something similar as an add-on until I did exactly what he said: manually setting a cors * header for that internal development server
Chrome and Firefox do not.

If that’s really the case with your browser.... set it to request.origin, so it’s always valid haha

Isn't that just begging for legal trouble?
Is that a MITM?