Index: runtime/bin/vmservice/server.dart |
diff --git a/runtime/bin/vmservice/server.dart b/runtime/bin/vmservice/server.dart |
index c237c9e9c5cf74de4b50560de8831f437b0116ad..f6dc7b85406c545f64878125109eceea4828641b 100644 |
--- a/runtime/bin/vmservice/server.dart |
+++ b/runtime/bin/vmservice/server.dart |
@@ -79,8 +79,9 @@ class HttpRequestClient extends Client { |
static ContentType jsonContentType = |
new ContentType("application", "json", charset: "utf-8"); |
final HttpRequest request; |
+ final List<String> _allowedOrigins; |
- HttpRequestClient(this.request, VMService service) |
+ HttpRequestClient(this.request, VMService service, this._allowedOrigins) |
: super(service, sendEvents:false); |
disconnect() { |
@@ -95,6 +96,11 @@ class HttpRequestClient extends Client { |
} |
HttpResponse response = request.response; |
response.headers.contentType = jsonContentType; |
+ final uri = Uri.parse(request.headers['Origin'].single ?? ''); |
+ final noPortOrigin = new Uri(host: uri.host, scheme: uri.scheme).origin; |
+ if (_allowedOrigins.contains(noPortOrigin)) { |
+ response.headers.add('Access-Control-Allow-Origin', uri.origin); |
+ } |
if (result is String) { |
response.write(result); |
} else { |
@@ -239,7 +245,7 @@ class Server { |
} |
// HTTP based service request. |
try { |
- var client = new HttpRequestClient(request, _service); |
+ var client = new HttpRequestClient(request, _service, _allowedOrigins); |
var message = new Message.fromUri(client, request.uri); |
client.onMessage(null, message); |
} catch (e) { |