Fixed Access-Control-Allow-Origin for HMR

[dariobanfi]

Currently hot reloading of changes is not working because of Access-Control-Allow-Origin header.
The issue, together with the proposed resolution, is described here.

This may also fix this issue: #421

This change fixes the problem, however I'm not sure if there are some unwanted side effects with this. I'd imagine a Access-Control-Allow-Origin * should not be a problem for the dev server.

[diondirza]

Please see this issue and read the article inside it.

[dariobanfi]

Ah I understand... Any plan on how to solve this? Maybe with a proxy in webpack-dev-server?
To be honest though, this doesn't seem such a severe security risk that justifies not having a working HMR.

Especially since on a development environment the IPs are not normally reachable and if they were, leaking the "compiled source code" would be the last of the problems.
Maybe it's worth writing a comment about it.

But correct me if I'm wrong or I am underestimating the risk.

[ctrlplusb]

Hi @dariobanfi sorry for the late reply.

I looked into this. If you change your URL to http://0.0.0.0:1337 then it will work. We need to work out a better way of setting the host part in the webpack dev server configuration.

[ctrlplusb]

Closing in favour of #506