Enable all origins via CORS header for custom schemes

This PR disables CORS for custom schemes, which allows you to serve Font
resources from custom schemes after using registerCustomSchemeAsSecure

atom/browser/net/url_request_buffer_job.cc

@@ -50,6 +50,9 @@ void URLRequestBufferJob::GetResponseInfo(net::HttpResponseInfo* info) {
   status.append("\0\0", 2);
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  std::string cors("Access-Control-Allow-Origin: *");
+  headers->AddHeader(cors);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");

atom/browser/net/url_request_buffer_job.h

@@ -12,6 +12,8 @@
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_request_simple_job.h"
 
+const std::string kCorsHeader("Access-Control-Allow-Origin: *");
+
 namespace atom {
 
 class URLRequestBufferJob : public JsAsker<net::URLRequestSimpleJob> {

atom/browser/net/url_request_string_job.cc

@@ -32,6 +32,9 @@ void URLRequestStringJob::GetResponseInfo(net::HttpResponseInfo* info) {
   std::string status("HTTP/1.1 200 OK");
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  std::string cors("Access-Control-Allow-Origin: *");
+  headers->AddHeader(cors);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");