CORS pre flight check

When developing locally you have two options to work around the CORS pre flight check.

Option 1 (simple option):
Start chrome with web security disabled. This will tell chrome to skip pre flight checks for cross domain requests. You can do so simply by running the following command in your command prompt.

Please note that you need to update the —user-data-dir parameter to point to a directory that has already been created.

The directory will not be created automatically and the command will fail. You also must supply an absolute path, using a relative path will also cause the command to fail.

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=C:\Users\example\Desktop\chromeTemp

Option 2 :

Configure your development environment to use HTTPS. As part serving your test app locally you will need to generate a certificate.

We recommend using tool like mkcert .

Thru’s CORS policy will need to be updated in our environment in order to accommodate the URL the app is served under locally. (contact

For example the US environment already has whitelisted to support local development of the upload widget.

The list of allowed origins we have configured in Octopus for US Prod is as follows: ["";, "";, "";]

Setting up your local development environment to use HTTPS heavily depends on how the customer’s project is setup which is why we would recommend option 1.

In our case we use haproxy to serve the project with HTTPS, but that is certainly not the only way to support HTTPS.