ERR_BLOCKED_BY_RESPONSE.NotSameOrigin Helmet
If you get ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
error when loading resource from an express app using Helmet@^5.0.0
,
because the Cross-Origin-Embedder-Policy
header is enabled by default. To allow it, you must add config to Helmet
:
app.use(
helmet({
crossOriginEmbedderPolicy: false,
// ...
})
);