It seems like the point of window.postMessage is to allow safe communication between windows/frames hosted on different domains, but it doesn’t actually seem to allow that in Chrome. Here’s the scenario: Embed an <iframe> (with a src on domain B*) in a page on domain A The <iframe> ends up being mostly a <script> tag, at the end of which’s
Tag: google-chrome
Disable same origin policy in Chrome
Is there any way to disable the Same-origin policy on Google’s Chrome browser? Answer Close chrome (or chromium) and restart with the –disable-web-security argument. I just tested this and verified that I can access the contents of an iframe with src=”http://google.com” embedded in a page served from “localhost” (tested under chromium 5 / ubuntu). For me the exact command was: