ERR_BLOCKED_BY_RESPONSE.NotSameOrigin HelmetERR_BLOCKED_BY_RESPONSE.NotSameOrigin HelmetERR_BLOCKED_BY_RESPONSE.NotSameOrigin Helmet

#helmet #Cross Origin Resource Policy #CORP

2022::10::14

1 min

AUTHOR:Z.SHINCHVEN

If you get ERR_BLOCKED_BY_RESPONSE.NotSameOrigin error when loading resource from an express app using Helmet@^5.0.0, because the Cross-Origin-Embedder-Policy header is enabled by default. To allow it, you must add config to Helmet:

app.use(
  helmet({
    crossOriginEmbedderPolicy: false,
    // ...
  })
);

References

Cross-Origin-Embedder-Policy
CORP
helmet

Share Node:

PREVIOUS_DATA腾讯企业邮箱设置别名

NEXT_DATA Send File From ExpressJS Response