Description
Command
serve
Is this a regression?
- Yes, this behavior used to work in the previous version
The previous version in which this bug was not present was
@angular-devkit/build-angular 19.1.4
Description
Starting with Angular 19.1.5, when running the development server using ng serve, the Access-Control-Allow-Origin header is no longer included in responses when accessing assets. In version 19.1.4, this header was still being sent with the value '*'.
This affects cross-origin requests to static assets served by the development server.
Minimal Reproduction
Repository for minimal reproduction:
[Link to Git Repository]
Steps to reproduce:
- Clone repository and install dependencies:
git clone https://github.com/vkennke/angular-cors.git
cd angular-cors
npm install- Start dev server:
ng serve- Access http://localhost:4200/assets/test.txt and check response headers
Expected behavior:
Response headers include Access-Control-Allow-Origin: *
Actual behavior:
Access-Control-Allow-Origin header is missing from response
To verify this is a regression:
- Edit package.json to set @angular-devkit/build-angular to 19.1.4:
"@angular-devkit/build-angular": "19.1.4"- Repeat steps 2-3
- Observe that the Access-Control-Allow-Origin: * header is present
Exception or Error
No error is thrown, but the missing header prevents cross-origin requests from succeeding.
Your Environment
Angular CLI: 19.1.5
Node: 20.18.0
Package Manager: npm 10.8.2
OS: win32 x64
Angular: 19.1.4
... animations, common, compiler, compiler-cli, core, forms
... platform-browser, platform-browser-dynamic, router
Package Version
---------------------------------------------------------
@angular-devkit/architect 0.1901.5
@angular-devkit/build-angular 19.1.5
@angular-devkit/core 19.1.5
@angular-devkit/schematics 19.1.5
@angular/cli 19.1.5
@schematics/angular 19.1.5
rxjs 7.8.1
typescript 5.7.3
zone.js 0.15.0
Anything else relevant?
No response