webpack: Disable cross-origin-header-check middleware.

This middleware in webpack-dev-server 5.2.1 appears to be intended to plug some undisclosed browser-specific vulnerability that allows stealing code from closed-source projects. https://github.com/webpack/webpack-dev-server/issues/5446#issuecomment-2768816082 https://github.com/webpack/webpack-dev-server/issues/5446#issuecomment-2772150109 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-10-23 04:52:12 +00:00 · 2025-04-15 15:37:14 -07:00
parent 0f2f795fe0
commit c40bd39a01
1 changed files with 2 additions and 0 deletions
--- a/web/webpack.config.ts
+++ b/web/webpack.config.ts
@@ -255,6 +255,8 @@ const config = (
                "Access-Control-Allow-Origin": "*",
                "Timing-Allow-Origin": "*",
            },
+            setupMiddlewares: (middlewares) =>
+                middlewares.filter((middleware) => middleware.name !== "cross-origin-header-check"),
        },
        infrastructureLogging: {
            level: "warn",