From af431b38d238b7d0c5572e2445c141cf374712b5 Mon Sep 17 00:00:00 2001
From: John Ryan <ryjohn@google.com>
Date: Fri, 26 Jul 2024 11:01:41 -0700
Subject: [PATCH] Use more CORS headers for flutter run server (#152249)

Also update tests

Attempt #2 of #152048

cc: @cbracken
---
 packages/flutter_tools/lib/src/isolated/devfs_web.dart      | 4 +++-
 .../test/general.shard/web/web_asset_server_test.dart       | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/packages/flutter_tools/lib/src/isolated/devfs_web.dart b/packages/flutter_tools/lib/src/isolated/devfs_web.dart
index 5faf5c5050570..eab00a94dca2e 100644
--- a/packages/flutter_tools/lib/src/isolated/devfs_web.dart
+++ b/packages/flutter_tools/lib/src/isolated/devfs_web.dart
@@ -1192,7 +1192,9 @@ class ReleaseAssetServer {
               'application/octet-stream';
       return shelf.Response.ok(bytes, headers: <String, String>{
         'Content-Type': mimeType,
-        if (_needsCoopCoep && file.basename == 'index.html') ...<String, String>{
+        'Cross-Origin-Resource-Policy': 'cross-origin',
+        'Access-Control-Allow-Origin': '*',
+        if (_needsCoopCoep && _fileSystem.path.extension(file.path) == '.html') ...<String, String>{
           'Cross-Origin-Opener-Policy': 'same-origin',
           'Cross-Origin-Embedder-Policy': 'require-corp',
         }
diff --git a/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart b/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart
index d0b819600ce67..7b9f4c9f8b4bf 100644
--- a/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart
+++ b/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart
@@ -59,6 +59,8 @@ void main() {
 
     expect(response.headers, <String, String>{
       'Content-Type': 'image/png',
+      'Cross-Origin-Resource-Policy': 'cross-origin',
+      'Access-Control-Allow-Origin': '*',
       'content-length': '64',
     });
   });
@@ -79,6 +81,8 @@ void main() {
 
     expect(response.headers, <String, String>{
       'Content-Type': 'text/javascript',
+      'Cross-Origin-Resource-Policy': 'cross-origin',
+      'Access-Control-Allow-Origin': '*',
       'content-length': '18',
     });
   });
@@ -99,6 +103,8 @@ void main() {
 
     expect(response.headers, <String, String>{
       'Content-Type': 'text/html',
+      'Cross-Origin-Resource-Policy': 'cross-origin',
+      'Access-Control-Allow-Origin': '*',
       'content-length': '28',
     });
   });