From 23163c2ef358afddbc4a0652a715175f2fe23944 Mon Sep 17 00:00:00 2001
From: Anthony Tseng <darkdh@gmail.com>
Date: Tue, 7 Aug 2018 17:41:40 -0700
Subject: [PATCH] Do not add "Access-Control-Allow-Origin: *" to response
 header fix https://github.com/brave/browser-laptop/issues/14967

Auditors: @bridiver, @diracdeltas, @bbondy
---
 atom/browser/net/asar/url_request_asar_job.cc | 1 -
 atom/browser/net/url_request_buffer_job.cc    | 2 --
 atom/browser/net/url_request_string_job.cc    | 2 --
 atom/common/atom_constants.cc                 | 2 --
 atom/common/atom_constants.h                  | 3 ---
 5 files changed, 10 deletions(-)

diff --git a/atom/browser/net/asar/url_request_asar_job.cc b/atom/browser/net/asar/url_request_asar_job.cc
index 287271019..8bb71bb78 100644
--- a/atom/browser/net/asar/url_request_asar_job.cc
+++ b/atom/browser/net/asar/url_request_asar_job.cc
@@ -240,7 +240,6 @@ void URLRequestAsarJob::GetResponseInfo(net::HttpResponseInfo* info) {
   std::string status("HTTP/1.1 200 OK");
   auto* headers = new net::HttpResponseHeaders(status);
 
-  headers->AddHeader(atom::kCORSHeader);
   info->headers = headers;
 }
 
diff --git a/atom/browser/net/url_request_buffer_job.cc b/atom/browser/net/url_request_buffer_job.cc
index e360b9341..f6384106b 100644
--- a/atom/browser/net/url_request_buffer_job.cc
+++ b/atom/browser/net/url_request_buffer_job.cc
@@ -78,8 +78,6 @@ void URLRequestBufferJob::GetResponseInfo(net::HttpResponseInfo* info) {
   status.append("\0\0", 2);
   auto* headers = new net::HttpResponseHeaders(status);
 
-  headers->AddHeader(kCORSHeader);
-
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");
diff --git a/atom/browser/net/url_request_string_job.cc b/atom/browser/net/url_request_string_job.cc
index 37e644556..ede85bba7 100644
--- a/atom/browser/net/url_request_string_job.cc
+++ b/atom/browser/net/url_request_string_job.cc
@@ -34,8 +34,6 @@ void URLRequestStringJob::GetResponseInfo(net::HttpResponseInfo* info) {
   std::string status("HTTP/1.1 200 OK");
   auto* headers = new net::HttpResponseHeaders(status);
 
-  headers->AddHeader(kCORSHeader);
-
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");
diff --git a/atom/common/atom_constants.cc b/atom/common/atom_constants.cc
index f66c947aa..e3f645f28 100644
--- a/atom/common/atom_constants.cc
+++ b/atom/common/atom_constants.cc
@@ -6,8 +6,6 @@
 
 namespace atom {
 
-const char kCORSHeader[] = "Access-Control-Allow-Origin: *";
-
 const char kSHA1Certificate[] = "SHA-1 Certificate";
 const char kSHA1MajorDescription[] =
     "The certificate for this site expires in 2017 or later, "
diff --git a/atom/common/atom_constants.h b/atom/common/atom_constants.h
index b67b7b2e4..fae08cca4 100644
--- a/atom/common/atom_constants.h
+++ b/atom/common/atom_constants.h
@@ -7,9 +7,6 @@
 
 namespace atom {
 
-// Header to ignore CORS.
-extern const char kCORSHeader[];
-
 // Strings describing Chrome security policy for DevTools security panel.
 extern const char kSHA1Certificate[];
 extern const char kSHA1MajorDescription[];