Sometimes when you have done all you can on the backend side to return cors headers such as

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With"
Access-Control-Allow-Methods: "POST, OPTIONS, GET, PUT"

The dreaded CORS still happens, and you want a way to tell your chrome browser to SHUT THE HELL UPP!, well fortunately, you can!

For OSX, open Terminal and run:

$ open -a Google\ Chrome --args --disable-web-security --user-data-dir

--user-data-dir required on Chrome 49+ on OSX & Windows

For Linux run:

$ google-chrome --disable-web-security

Also if you're trying to access local files for dev purposes like AJAX or JSON, you can use this flag too.

--allow-file-access-from-files

For Windows go into the command prompt and go into the folder where Chrome.exe is and type

chrome.exe --disable-web-security --user-data-dir="D:\temp-data"

Make sure that folder temp-data is present and created before running the above command temp-data is just an arbitrary name, you can use any folder for this purpose That should disable the same origin policy and allow you to access local files.

Update: For Chrome 22+ you will be presented with an error message that says:

You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.

However you can just ignore that message while developing.