Turn off sandbox and other things on new windows?



I am trying to use Google OAuth2 which creates a popup window to login too, but when the popup window opens it reports

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

"Uncaught SecurityError: Failed to set the 'cookie' property on 'Document': The document is sandboxed and lacks the 'allow-same-origin' flag.

I turned off web-security I believe

'web-preferences': {
  'web-security': false

But it still won’t work, any idea of how to fix this?