The basics

• I validated my changes

The details

Resolves

This PR adds a Access-Control-Allow-Origin: * to the HTTP headers served on responses from the /static directory of the Blockly App Engine service where the stock assets are served from. Ideally, developers would serve these themselves, but many don't. When generating screenshots of Blockly, these assets are necessary (drag handles, icons, etc), but since they are cross-origin in many cases relative to the page from which a screenshot is being generated, they are inaccessible in that context.