err blocked by response not same origin

“ERR_BLOCKED_BY_RESPONSE .NotSameOrigin” (err blocked by response not same origin) usually occurs in your web browser when a resource that your webpage is trying to access has a different origin (or domain/subdomain) than the page itself. This is a security feature built into web browsers to prevent cross-site scripting attacks.

I had to face “ERR_BLOCKED_BY_RESPONSE .NotSameOrigin” (err blocked by response not same origin) when one of my client’s requirement was to upgrade a node module, helmet 4.* to 7.* The scenario is that the client has an application running behind proxy at one subdomain and the admin panel of that application is accessible from another subdomain.

A quick workaround, since the api subdomain is not accessible by any other domain, is to put the following code in the main js file.

crossOriginResourcePolicy: false,

That is it. After restarting the node server, I was able to access the files in uploads folder from the admin panel subdomain url.

Source of a part of this solution is here.

Leave a Reply

Your email address will not be published. Required fields are marked *

HTML Snippets Powered By :