From c8af6da236fb2807c12ac3d2af811fe2515ce152 Mon Sep 17 00:00:00 2001
From: Chaiwat Ekkaewnumchai <cekkaewnumchai@fb.com>
Date: Tue, 30 Jun 2020 06:50:38 -0700
Subject: [PATCH] Disable Web Security in Command Line

Summary:
We've disabled web security in `BrowserWindow` (https://fburl.com/diffusion/0l0q669m). However, there is a bug in Electron 9 that makes this doesn't work as expected (https://github.com/electron/electron/issues/23664). Earlier, we've resolved this problem by specifying `no-cors` mode in requests. This strikes again in other plugin.

This diff applies a workaround commented inside the issue to allow to make CORS requests.

Reviewed By: nikoant

Differential Revision: D22306977

fbshipit-source-id: ea0f5e3f1c4080037df258a6c5ce1fc89d433c3b
---
 desktop/static/main.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/desktop/static/main.ts b/desktop/static/main.ts
index cf9e08480..4f08df880 100644
--- a/desktop/static/main.ts
+++ b/desktop/static/main.ts
@@ -273,6 +273,11 @@ ipcMain.on(
 // Define custom protocol handler. Deep linking works on packaged versions of the application!
 app.setAsDefaultProtocolClient('flipper');
 
+// webSecurity is already disabled in BrowserWindow. However, it seems there is
+// a bug in Electron 9 https://github.com/electron/electron/issues/23664. There
+// is workaround suggested in the issue
+app.commandLine.appendSwitch('disable-features', 'OutOfBlinkCors');
+
 function tryCreateWindow() {
   if (appReady && pluginsCompiled) {
     win = new BrowserWindow({