ERR_BLOCKED_BY_RESPONSE.NotSameOrigin Helmet
If you get ERR_BLOCKED_BY_RESPONSE.NotSameOrigin error when loading resource from an express app using Helmet@^5.0.0,
because the Cross-Origin-Embedder-Policy header is enabled by default. To allow it, you must add config to Helmet:
app.use(
helmet({
crossOriginEmbedderPolicy: false,
// ...
})
);