Uw betrouwbare partner voor (mobiele) web applicaties

Bypass AJAX CORS restriction for desktop testing

While developing a mobile app I often need to invoke a webservice which is not under my control. Most times I bump into the fact that I can call a webservice with AJAX from my mobile phone, but not from my desktop browser. This is caused by AJAX CORS.


Cross-Origin Resource Sharing prevents AJAX calls from one domain to the other. A PhoneGap app uses the file prototcol (file:///), which isn’t a domain at all, so no CORS restriction is in effect. However, when testing on your desktop (http://localhost/app), you’re using the http protocol with a domain, so the request fails.

Chrome to the rescue

Google Chrome can be started with a switch to disable the CORS restriction 🙂


To easily start Chrome with disabled websecurity in effect and immediately opening the app I want to test, I added a shortcut to my Mac desktop. You need to name it <yourapp>.command and add this to the file:

open -a Google\ Chrome --args --disable-web-security localhost:8080

One more thing

The command above opens a Terminal shell and then opens Chrome. If you want to terminate the Terminal shell when it’s done opening Chrome, start a Terminal > open Preferences > Settings > Shell > When the Shell exits > ‘Close if the shell exited cleanly’. Apple should have made that the default anyway.