fixup! fix(@angular/build): allow configuring Access-Control-Allow-Origin via headers option

Author: alan-agius4

packages/angular/build/src/builders/dev-server/tests/options/headers_spec.ts

@@ -51,6 +51,17 @@ describeServeBuilder(executeDevServer, DEV_SERVER_BUILDER_INFO, (harness, setupT
       expect(await response?.headers.get('access-control-allow-origin')).toBe('http://example.com');
     });
 
+    it('should not include Access-Control-Allow-Origin header by default', async () => {
+      harness.useTarget('serve', {
+        ...BASE_OPTIONS,
+      });
+
+      const { result, response } = await executeOnceAndFetch(harness, '/main.js');
+
+      expect(result?.success).toBeTrue();
+      expect(await response?.headers.has('access-control-allow-origin')).toBeFalse();
+    });
+
     it('media resource response headers should include configured header', async () => {
       await harness.writeFiles({
         'src/styles.css': `h1 { background: url('./test.svg')}`,