From 0699c18e994df4feec237df30ef07acb7a10a9bc Mon Sep 17 00:00:00 2001
From: Jaime Blasco <jaimeblasco97@gmail.com>
Date: Thu, 3 Sep 2020 22:33:39 +0200
Subject: [PATCH] [flutter_tool] [web] Remove x-frame-options header during
 debug (#62115)

Currently flutter run -d web creates a server with the x-frame-options: SAMEORIGIN added by default (shelf add it's by default). This doesn't allow you to use it inside a frame.

I am trying to build an embedded simulator in vscode and it requires using an iframe.

With this PR I remove the header for debug and profile mode.
---
 .../lib/src/build_runner/devfs_web.dart       |  6 +++++
 .../general.shard/web/devfs_web_test.dart     | 22 +++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/packages/flutter_tools/lib/src/build_runner/devfs_web.dart b/packages/flutter_tools/lib/src/build_runner/devfs_web.dart
index 3367f49e51..6138ef643d 100644
--- a/packages/flutter_tools/lib/src/build_runner/devfs_web.dart
+++ b/packages/flutter_tools/lib/src/build_runner/devfs_web.dart
@@ -159,6 +159,9 @@ class WebAssetServer implements AssetReader {
         address = (await InternetAddress.lookup(hostname)).first;
       }
       final HttpServer httpServer = await HttpServer.bind(address, port);
+      // Allow rendering in a iframe.
+      httpServer.defaultResponseHeaders.remove('x-frame-options', 'SAMEORIGIN');
+
       final PackageConfig packageConfig = await loadPackageConfigWithLogging(
         globals.fs.file(buildInfo.packagesPath),
         logger: globals.logger,
@@ -283,6 +286,9 @@ class WebAssetServer implements AssetReader {
   /* late final */ Dwds dwds;
   Directory entrypointCacheDirectory;
 
+  @visibleForTesting
+  HttpHeaders get defaultResponseHeaders => _httpServer.defaultResponseHeaders;
+
   @visibleForTesting
   Uint8List getFile(String path) => _files[path];
 
diff --git a/packages/flutter_tools/test/general.shard/web/devfs_web_test.dart b/packages/flutter_tools/test/general.shard/web/devfs_web_test.dart
index cc9bbbe29c..846e5593f9 100644
--- a/packages/flutter_tools/test/general.shard/web/devfs_web_test.dart
+++ b/packages/flutter_tools/test/general.shard/web/devfs_web_test.dart
@@ -752,6 +752,28 @@ void main() {
 
     await webDevFS.destroy();
   }));
+
+  test('allows frame embedding', () async {
+    final WebAssetServer webAssetServer = await WebAssetServer.start(
+      null,
+      'localhost',
+      0,
+      null,
+      true,
+      true,
+      const BuildInfo(
+        BuildMode.debug,
+        '',
+        treeShakeIcons: false,
+      ),
+      false,
+      Uri.base,
+      null,
+      testMode: true);
+
+    expect(webAssetServer.defaultResponseHeaders['x-frame-options'], null);
+    await webAssetServer.dispose();
+  });
 }
 
 class MockHttpServer extends Mock implements HttpServer {}