0

I'm working on a project that requires me to use chrome to visit hundreds of websites with the --disable-web-security flag. As far as I understand, enabling this flag will disable the same origin policy. I can't, however, find information regarding whether other browser security measures such as XSS auditing are disabled as well. Does the --disable-web-security flag only apply to the same origin policy?

If indeed this flag only applies to the same origin policy, would I then be safe to browse with it enabled as long as I am in a new incognito session? If not, would browsing within a virtual machine provide complete protection?

EDIT: I also will not be inputing any personal information while this flag is enabled.

user3010063
  • 1
  • 1
  • I'll take the role of the annoying person that asks why you need to disable-web-security. Is it not possible to achieve what you need by writing a simple chrome extension? – Erlend May 11 '16 at 08:31
  • Also note that you can start Chrome using --user-data-dir to specify separate data directories for each instance, thus nothing is shared between the launches. – Erlend May 11 '16 at 08:32
  • @Erlend, I need access to cross-domain resources within the browser environment, and as far as I can tell, a Chrome extension does not provide a solution. [link](http://stackoverflow.com/questions/5678040/cssrules-rules-are-null-in-chrome) – user3010063 May 14 '16 at 03:01

0 Answers0