From 111b4fe6d19f76d1f400441c437d24c31734575e Mon Sep 17 00:00:00 2001 From: David Iglesias Date: Tue, 30 Jul 2024 16:14:06 -0700 Subject: [PATCH] [web] Set COEP:credentialless on flutter run/drive. (#152413) This PR changes the value of the `COEP` response header from `require-corp` to `credentialless` in the Flutter tool, when running `flutter run`/`drive` for Web projects. This enables running tests compiled to wasm, that access 3P resources (like Google Maps) without blocking those resources. Docs: * https://developer.chrome.com/blog/coep-credentialless-origin-trial#credentialless_to_the_rescue ## Issue * https://github.com/flutter/flutter/issues/152411 --- packages/flutter_tools/lib/src/isolated/devfs_web.dart | 4 ++-- packages/flutter_tools/lib/src/test/flutter_web_platform.dart | 4 ++-- .../test/general.shard/web/web_asset_server_test.dart | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/flutter_tools/lib/src/isolated/devfs_web.dart b/packages/flutter_tools/lib/src/isolated/devfs_web.dart index eab00a94dc..690278ba67 100644 --- a/packages/flutter_tools/lib/src/isolated/devfs_web.dart +++ b/packages/flutter_tools/lib/src/isolated/devfs_web.dart @@ -1196,7 +1196,7 @@ class ReleaseAssetServer { 'Access-Control-Allow-Origin': '*', if (_needsCoopCoep && _fileSystem.path.extension(file.path) == '.html') ...{ 'Cross-Origin-Opener-Policy': 'same-origin', - 'Cross-Origin-Embedder-Policy': 'require-corp', + 'Cross-Origin-Embedder-Policy': 'credentialless', } }); } @@ -1208,7 +1208,7 @@ class ReleaseAssetServer { 'Content-Type': 'text/html', if (_needsCoopCoep) ...{ 'Cross-Origin-Opener-Policy': 'same-origin', - 'Cross-Origin-Embedder-Policy': 'require-corp', + 'Cross-Origin-Embedder-Policy': 'credentialless', }, }); } diff --git a/packages/flutter_tools/lib/src/test/flutter_web_platform.dart b/packages/flutter_tools/lib/src/test/flutter_web_platform.dart index c319132ed0..60697bd603 100644 --- a/packages/flutter_tools/lib/src/test/flutter_web_platform.dart +++ b/packages/flutter_tools/lib/src/test/flutter_web_platform.dart @@ -64,7 +64,7 @@ shelf.Handler createDirectoryHandler(Directory directory, { required bool crossO if (needsCrossOriginIsolated) ...{ 'Cross-Origin-Opener-Policy': 'same-origin', - 'Cross-Origin-Embedder-Policy': 'require-corp', + 'Cross-Origin-Embedder-Policy': 'credentialless', }, }, ); @@ -539,7 +539,7 @@ class FlutterWebPlatform extends PlatformPlugin { if (webRenderer == WebRendererMode.skwasm) ...{ 'Cross-Origin-Opener-Policy': 'same-origin', - 'Cross-Origin-Embedder-Policy': 'require-corp', + 'Cross-Origin-Embedder-Policy': 'credentialless', } }); } diff --git a/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart b/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart index 7b9f4c9f8b..aaeacef1a2 100644 --- a/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart +++ b/packages/flutter_tools/test/general.shard/web/web_asset_server_test.dart @@ -160,7 +160,7 @@ void main() { expect(response.statusCode, HttpStatus.ok); final Map headers = response.headers; expect(headers['Cross-Origin-Opener-Policy'], 'same-origin'); - expect(headers['Cross-Origin-Embedder-Policy'], 'require-corp'); + expect(headers['Cross-Origin-Embedder-Policy'], 'credentialless'); }); testWithoutContext('release asset server serves html content without COOP/COEP headers when specified', () async {