We are creating web applications using Java on the back end (not Spring) and React on the front end. The production deployment works fine because the compiled React is drawn from the Java server.

However, when we are doing development we are having problems with CORS because we are either running React from the IDE (e.g. IntelliJ) using "npm run start" against the production server or from the server running on another IDE (e.g. Netbeans). Either way, this violates CORS policy.

I don't want to modify either the server or the React code since these are working correctly (and securely) in production. I am looking for a simple way to turn off CORS in the local environment when testing.

Additional observations:

We have been using a local proxy server (CORS Anywhere). It stopped working for me on Chrome and Safari but still works on Firefox. When using "npm run start" the React is served from localhost:3000. I'm guessing that this is a generic Node server that is configured from something in the project, perhaps package.json. One solution might be to add something to this to generate headers "Access-Control-Allow-Origin: *".