[web] Set COEP:credentialless on flutter run/drive. (#152413)

This PR changes the value of the `COEP` response header from `require-corp` to `credentialless` in the Flutter tool, when running `flutter run`/`drive` for Web projects. This enables running tests compiled to wasm, that access 3P resources (like Google Maps) without blocking those resources. Docs: * https://developer.chrome.com/blog/coep-credentialless-origin-trial#credentialless_to_the_rescue ## Issue * https://github.com/flutter/flutter/issues/152411
2024-07-30 16:14:06 -07:00 · 2024-07-30 16:14:06 -07:00 · 111b4fe6d1
commit 111b4fe6d1
parent 4778895036
3 changed files with 5 additions and 5 deletions
--- a/packages/flutter_tools/lib/src/isolated/devfs_web.dart
+++ b/packages/flutter_tools/lib/src/isolated/devfs_web.dart
@ -1196,7 +1196,7 @@ class ReleaseAssetServer {
        'Access-Control-Allow-Origin': '*',
        if (_needsCoopCoep && _fileSystem.path.extension(file.path) == '.html') ...<String, String>{
          'Cross-Origin-Opener-Policy': 'same-origin',
-          'Cross-Origin-Embedder-Policy': 'require-corp',
+          'Cross-Origin-Embedder-Policy': 'credentialless',
        }
      });
    }
@ -1208,7 +1208,7 @@ class ReleaseAssetServer {
        'Content-Type': 'text/html',
        if (_needsCoopCoep) ...<String, String>{
          'Cross-Origin-Opener-Policy': 'same-origin',
-          'Cross-Origin-Embedder-Policy': 'require-corp',
+          'Cross-Origin-Embedder-Policy': 'credentialless',
        },
      });
  }
--- a/packages/flutter_tools/lib/src/test/flutter_web_platform.dart
+++ b/packages/flutter_tools/lib/src/test/flutter_web_platform.dart
@ -64,7 +64,7 @@ shelf.Handler createDirectoryHandler(Directory directory, { required bool crossO
        if (needsCrossOriginIsolated)
          ...<String, String>{
            'Cross-Origin-Opener-Policy': 'same-origin',
-            'Cross-Origin-Embedder-Policy': 'require-corp',
+            'Cross-Origin-Embedder-Policy': 'credentialless',
          },
      },
    );
@ -539,7 +539,7 @@ class FlutterWebPlatform extends PlatformPlugin {
        if (webRenderer == WebRendererMode.skwasm)
          ...<String, String>{
            'Cross-Origin-Opener-Policy': 'same-origin',
-            'Cross-Origin-Embedder-Policy': 'require-corp',
+            'Cross-Origin-Embedder-Policy': 'credentialless',
          }
      });
    }
--- a/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart
+++ b/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart
@ -160,7 +160,7 @@ void main() {
    expect(response.statusCode, HttpStatus.ok);
    final Map<String, String> headers = response.headers;
    expect(headers['Cross-Origin-Opener-Policy'], 'same-origin');
-    expect(headers['Cross-Origin-Embedder-Policy'], 'require-corp');
+    expect(headers['Cross-Origin-Embedder-Policy'], 'credentialless');
  });

  testWithoutContext('release asset server serves html content without COOP/COEP headers when specified', () async {