fix: bypass CORB when web security is disabled (#15737)

* fix: extend content layer hook to bypass corb when web security is disabled.

* chore: add patch to disable CORB

atom/browser/atom_browser_client.h

@@ -11,6 +11,7 @@
 #include <string>
 #include <vector>
 
+#include "base/synchronization/lock.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host_observer.h"
 #include "net/ssl/client_cert_identity.h"
@@ -143,6 +144,7 @@ class AtomBrowserClient : public content::ContentBrowserClient,
   GetSystemSharedURLLoaderFactory() override;
   void OnNetworkServiceCreated(
       network::mojom::NetworkService* network_service) override;
+  bool ShouldBypassCORB(int render_process_id) override;
 
   // content::RenderProcessHostObserver:
   void RenderProcessHostDestroyed(content::RenderProcessHost* host) override;
@@ -164,6 +166,7 @@ class AtomBrowserClient : public content::ContentBrowserClient,
     bool sandbox = false;
     bool native_window_open = false;
     bool disable_popups = false;
+    bool web_security = true;
   };
 
   bool ShouldCreateNewSiteInstance(content::RenderFrameHost* render_frame_host,
@@ -180,7 +183,6 @@ class AtomBrowserClient : public content::ContentBrowserClient,
   // pending_render_process => web contents.
   std::map<int, content::WebContents*> pending_processes_;
 
-  std::map<int, ProcessPreferences> process_preferences_;
   std::map<int, base::ProcessId> render_process_host_pids_;
 
   // list of site per affinity. weak_ptr to prevent instance locking
@@ -194,6 +196,9 @@ class AtomBrowserClient : public content::ContentBrowserClient,
 
   Delegate* delegate_ = nullptr;
 
+  base::Lock process_preferences_lock_;
+  std::map<int, ProcessPreferences> process_preferences_;
+
   DISALLOW_COPY_AND_ASSIGN(AtomBrowserClient);
 };