Sometimes when I'm developing an HTML5 app for a client it does not make sense to set up the client's full environment on my local machine.

Sometimes the setup is complicated and the budget doesn't allow me to spend a day or two for setup. Sometimes the apps are leveraging services that spread between multiple departments and servers and it is not practical to set them all up locally. Other times, the client wants me up and running in the shortest order possible. In such situations, I still write code on my local local machine, but access their services remotely.

HTML applications that run in a browser this can cause a problem. The HTML app can't use xmlHTTPRequest to make calls to remote servers. This is done to prevent normal users from running into cross site scripting which are often used for nefarious means.

When developing code locally, however, my use is legit and I need a temporary work around. In these situations, I often go to a a Chrome command line argument that disables cross site scripting restrictions:

view plain print about
1pathtoChromeInstall\Chrome.exe -disable-web-security

Once this is in place, I am able to run HTML code on my local server that can make remote service calls to my client's server. Then all is good in the world and I'm able to continue to work productively with my client.

There is a great StackOverflow writeup on this point.