webpack: Disable cross-origin-header-check middleware.

This middleware in webpack-dev-server 5.2.1 appears to be intended to
plug some undisclosed browser-specific vulnerability that allows
stealing code from closed-source projects.

webpack/webpack-dev-server#5446 (comment)
webpack/webpack-dev-server#5446 (comment)

Signed-off-by: Anders Kaseorg <[email protected]>

Author: andersk

web/webpack.config.ts

@@ -255,6 +255,8 @@ const config = (
                 "Access-Control-Allow-Origin": "*",
                 "Timing-Allow-Origin": "*",
             },
+            setupMiddlewares: (middlewares) =>
+                middlewares.filter((middleware) => middleware.name !== "cross-origin-header-check"),
         },
         infrastructureLogging: {
             level: "warn",