From 77b7890bcedbf8f535b27a0a35ab67487bfd7ec6 Mon Sep 17 00:00:00 2001
From: "nweiz@google.com" <nweiz@google.com>
Date: Wed, 17 Dec 2014 20:59:18 +0000
Subject: [PATCH] Support cross-origin requests to pub serve.

R=rnystrom@google.com
BUG=21891

Review URL: https://codereview.chromium.org//786223006

git-svn-id: https://dart.googlecode.com/svn/branches/bleeding_edge@42443 260f80e4-7a28-3924-810f-c04153c831b5
---
 lib/src/barback/barback_server.dart           |  7 +++++
 .../supports_cross_origin_header_test.dart    | 26 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 test/serve/supports_cross_origin_header_test.dart

diff --git a/lib/src/barback/barback_server.dart b/lib/src/barback/barback_server.dart
index 2f1b4f8e..f825bd85 100644
--- a/lib/src/barback/barback_server.dart
+++ b/lib/src/barback/barback_server.dart
@@ -143,6 +143,13 @@ class BarbackServer extends BaseServer<BarbackServerResult> {
 
       addResult(new BarbackServerResult._failure(request.url, id, error));
       return notFound(request, asset: id);
+    }).then((response) {
+      // Allow requests of any origin to access "pub serve". This is useful for
+      // running "pub serve" in parallel with another development server. Since
+      // "pub serve" is only used as a development server and doesn't require
+      // any sort of credentials anyway, this is secure.
+      return response.change(
+          headers: const {"Access-Control-Allow-Origin": "*"});
     });
   }
 
diff --git a/test/serve/supports_cross_origin_header_test.dart b/test/serve/supports_cross_origin_header_test.dart
new file mode 100644
index 00000000..66b7dda3
--- /dev/null
+++ b/test/serve/supports_cross_origin_header_test.dart
@@ -0,0 +1,26 @@
+// Copyright (c) 2014, the Dart project authors.  Please see the AUTHORS d.file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+library pub_tests;
+
+import 'package:scheduled_test/scheduled_test.dart';
+
+import '../descriptor.dart' as d;
+import '../test_pub.dart';
+import 'utils.dart';
+
+main() {
+  initConfig();
+  integration("sends responses that allow cross-origin requests", () {
+    d.dir(appPath, [
+      d.appPubspec(),
+      d.dir("web", [d.file("index.html", "<body>")])
+    ]).create();
+
+    pubServe();
+    requestShouldSucceed("index.html", "<body>",
+        headers: containsPair("access-control-allow-origin", "*"));
+    endPubServe();
+  });
+}
-- 
GitLab