mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: disable CORS when webSecurity is disabled (#25463)

Browse source
This commit is contained in:
Cheng Zhao 2020-09-17 06:55:53 +09:00 committed by GitHub
parent a200b15600
commit 993eab691f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
shell/browser/electron_browser_client.cc
View file

@ -1507,10 +1507,11 @@ void ElectronBrowserClient::OverrideURLLoaderFactoryParams(
const url::Origin& origin,
bool is_for_isolated_world,
network::mojom::URLLoaderFactoryParams* factory_params) {
// Bypass CORB when web security is disabled.
// Bypass CORB and CORS when web security is disabled.
auto it = process_preferences_.find(factory_params->process_id);
if (it != process_preferences_.end() && !it->second.web_security) {
factory_params->is_corb_enabled = false;
factory_params->disable_web_security = true;
}
extensions::URLLoaderFactoryManager::OverrideURLLoaderFactoryParams(