So our application works in production with a CORS enabled.

I have a project that isn't CORS enabled locally. Is there a way to disable web security for protractor? Is there a way for me to add arguments to the selenium instance ?

We're looking for a configuration based solution. Our local development machines are pretty locked down on what we can install. So is this possible?

What i have tried is setting chrome options: https://github.com/angular/protractor/issues/175

But that appears to only be used for chrome extensions.

There is also args inside chromeOptions, where you can provide the --disable-web-security and --user-data-dir arguments.

If you are running the tests locally, make sure to supply a profile location for the --user-data-dir, otherwise Chrome will use the default profile and load the page in the current browser session (running with all of your extensions and settings).

capabilities: {
  'browserName': 'chrome',
  'chromeOptions': {
    'args': ['--disable-web-security', '--user-data-dir=~/.e2e-chrome-profile']
  }
},

@alecxe's solution wasn't working for me. I eventually came up with the following after some cli trial and error; I'm sharing my solution here (it took some hair pulling to figure it out) in case there are other lost souls out there having the same problem:

capabilities: {
    browserName: 'chrome',
    chromeOptions: {
        args: ['--disable-web-security', '--user-data-dir']
    }
}

Cheers!