For starters one might ask why would anyone want to switch CORS off?
Cross-Origin Resource Sharing (CORS) is a part of HTTP header that indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
Web applications usually have client part of application and server part of application. Client part of application works on client side, usually in browser, gets data from server, provides visual interface and forms for user interaction and sends modified data to server. If client and server side use the same web domain so the CORS works fine with that. But the problem arise when you want your client app to work with different web domain, for example get data from some website that doesn’t set CORS permissions to allow third party applications’ access.
Without any further explanation here is the command to start Chrome with disabled CORS in Windows:
"C:\Users\webmaster\AppData\Local\Google\Chrome\Application\chrome.exe" --test-type --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp
Similar commands are in Linux and MacOS as well. You will need to change path to your instance of Chrome. Arguments(switches) to the command are necessary to modify Chrome behavior and you can make shortcut out of it. If you omit –test-type argument you will get an Chrome warning that you are operating insecure instance of Chrome, so I suggest you keep other instances of Chrome open for the sake of surfing web. –disable-web-security is the argument that turns off CORS and –disable-gpu will turn off hardware acceleration. It’s important to set –user-data-dir to some temporary folder you have made for CORS-off instance of Chrome.
Finally keep in mind that you are running insecure instance of Chrome and use it only for your own testing purposes and not for general use like surfing web because there are many web attacks that exploit issues with CORS.