Bypass CORS in Arc Browser Without Extensions

Ashutosh ShuklaAshutosh Shukla
1 min read

Quick Guide: Disable Web Security in Arc

Sometimes during frontend development, you need to bypass CORS (Cross-Origin Resource Sharing) restrictions to test APIs or embedded content from different origins. Instead of juggling browser extensions, you can launch Arc Browser with security disabled—just like you might in Chrome.

Here's the one-liner command:

open -n -a "Arc" --args --user-data-dir="/tmp/arc_dev_test" --disable-web-security

What this does

  • open -n -a "Arc": Opens a new instance of Arc Browser.

  • --user-data-dir: Uses a temporary profile so you don't mess up your default session.

  • --disable-web-security: Disables CORS and other web security features (use only in dev).

When you're done, quit Arc completely (Cmd + Q) to close the insecure instance.

Use case:

Perfect for local dev environments where:

  • You're calling APIs from localhost to another domain.

  • You're embedding iframes or scripts from multiple sources.

  • You want to avoid CORS-related errors without browser extensions.

Happy hacking, and remember: disable security only when you’re debugging—never in production.

0
Subscribe to my newsletter

Read articles from Ashutosh Shukla directly inside your inbox. Subscribe to the newsletter, and don't miss out.

arc_browserchrome extension#chrome_devtoolsChromeCORSCORS ERRORSAPIs

Written by

Ashutosh Shukla
Ashutosh Shukla