--disable-web-security
VS --user-data-dir
Also see: https://peter.sh/experiments/chromium-command-line-switches/#disable-web-security
I came across an issue with running google-chrome to render some HTML file, where we are loading fonts from an external URL and to avoid CORS screaming at us we configured it like:
google-chrome --user-data-dir=/tmp/ --disable-web-security
so loading the fonts from another domain was allowed.
Now through a subtle change in our code, at some point the argument order was flipped to
google-chrome --disable-web-security --user-data-dir=/tmp/
which in some older versions of Chrome (probably between v96 and v120) resulted in just silently ignoring the --disable-web-security flag. Reordering as before fixed that issue.
Just writing this down for others to maybe stumble upon, took me a while to figure it out.