Electron 9.0.0 webSecurity option no longer disables CORS #23664

@wesflynn

Preflight Checklist

  • I have read the Contributing Guidelines for this project.
  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.

Issue Details

  • Electron Version: 9.0.0
  • Operating System: Windows 10 (1904)
  • Last Known Working Electron version: 8.2.0

Expected Behavior

Setting BrowserWindow webPreferences: { webSecurity: false } should disable the CORS policy

Actual Behavior

Although I am receiving the Electron security warnings for "Disabled webSecurity", "allowRunningInsecureContent" and "Insecure Content-Security-Policy" in the console, I am still getting CORS policy errors on my requests.

Here is an example:

Access to XMLHttpRequest at 'http://localhost:8080/users/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
