From 7622bb40a95801d5cca594925e83b2c540cb957a Mon Sep 17 00:00:00 2001
From: Paul Betts <paul@paulbetts.org>
Date: Mon, 23 Nov 2015 23:29:49 -0800
Subject: [PATCH] Enable all origins via CORS header for custom schemes

This PR disables CORS for custom schemes, which allows you to serve Font
resources from custom schemes after using registerCustomSchemeAsSecure
---
 atom/browser/net/url_request_buffer_job.cc | 3 +++
 atom/browser/net/url_request_buffer_job.h  | 2 ++
 atom/browser/net/url_request_string_job.cc | 3 +++
 3 files changed, 8 insertions(+)

diff --git a/atom/browser/net/url_request_buffer_job.cc b/atom/browser/net/url_request_buffer_job.cc
index affc3dd37..c4936ba15 100644
--- a/atom/browser/net/url_request_buffer_job.cc
+++ b/atom/browser/net/url_request_buffer_job.cc
@@ -50,6 +50,9 @@ void URLRequestBufferJob::GetResponseInfo(net::HttpResponseInfo* info) {
   status.append("\0\0", 2);
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  std::string cors("Access-Control-Allow-Origin: *");
+  headers->AddHeader(cors);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");
diff --git a/atom/browser/net/url_request_buffer_job.h b/atom/browser/net/url_request_buffer_job.h
index ab8de7e8f..8de5d82e0 100644
--- a/atom/browser/net/url_request_buffer_job.h
+++ b/atom/browser/net/url_request_buffer_job.h
@@ -12,6 +12,8 @@
 #include "net/http/http_status_code.h"
 #include "net/url_request/url_request_simple_job.h"
 
+const std::string kCorsHeader("Access-Control-Allow-Origin: *");
+
 namespace atom {
 
 class URLRequestBufferJob : public JsAsker<net::URLRequestSimpleJob> {
diff --git a/atom/browser/net/url_request_string_job.cc b/atom/browser/net/url_request_string_job.cc
index 4a631b813..5d7a7dd01 100644
--- a/atom/browser/net/url_request_string_job.cc
+++ b/atom/browser/net/url_request_string_job.cc
@@ -32,6 +32,9 @@ void URLRequestStringJob::GetResponseInfo(net::HttpResponseInfo* info) {
   std::string status("HTTP/1.1 200 OK");
   net::HttpResponseHeaders* headers = new net::HttpResponseHeaders(status);
 
+  std::string cors("Access-Control-Allow-Origin: *");
+  headers->AddHeader(cors);
+
   if (!mime_type_.empty()) {
     std::string content_type_header(net::HttpRequestHeaders::kContentType);
     content_type_header.append(": ");
-- 
2.34.1