4

I need to know what the --disable-web-security parameter does in chrome. I know that it disables same origin policy.

But I also noticed that it messes with your websockets (I first experienced it with googles gmail, now with my own nodeapp)

So what does it do exactly?

edit: with messing I mean that I often fail to connect or lose connections to websocket-webapplications (while my chrome runs with the --disable-web-security parameter ). bear in mind that this is only an empirical diagnosis - I am not perfectly sure whether this parameter corelates with my connection issues.

Improve this question
8
  • What does " messes with your websockets" mean in your question? Can you be more specific? Do you realize that every webSocket starts as an HTTP request so anything that disables cross origin protections for web requests will also disable cross origin protections for webSockets too? Commented Apr 26, 2016 at 23:24
  • Related questions: stackoverflow.com/questions/17679399/… and stackoverflow.com/questions/22026984/… and stackoverflow.com/questions/24290149/… Commented Apr 26, 2016 at 23:25
  • @jfriend00: Websockets are not protected by the Same Origin Policy which makes the OP's statement even more intruiging. Commented Apr 27, 2016 at 7:20
  • @SilverlightFox - That page is not correct (or is misleading). webSocket connections are subject to same origin protections. The server may allow cross origin connections, but the browser will ONLY connect if the server allows it and supports the proper procedure for allowing it. Commented Apr 27, 2016 at 7:22
  • @jfriend00: Yes, that's correct. The point is that is is all down to the server to correctly validate the Origin header, nothing in the browser will protect it automatically. I wonder if --disable-web-security prevents this header from being sent for cross-origin WS connections (I've not tried it)? Commented Apr 27, 2016 at 7:35
Related questions
2214
Disable same origin policy in Chrome
1218
How do I get ASP.NET Web API to return JSON instead of XML using Chrome?
1231
How does the SQL injection from the "Bobby Tables" XKCD comic work?
Load 5 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.