“ERR_BLOCKED_BY_RESPONSE.NotSameOrigin” (err blocked by response not same origin) usually occurs in your web browser when a resource that your webpage is trying to access has a different origin (or domain/subdomain) than the page itself. This is a security feature built into web browsers to prevent cross-site scripting attacks.
I had to face “ERR_BLOCKED_BY_RESPONSE.NotSameOrigin” (err blocked by response not same origin) when one of my client’s requirements was to upgrade a Node module, helmet, from 4.* to 7.*. The scenario is that the client has an application running behind a proxy at one subdomain, and the admin panel of that application is accessible from another subdomain.
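A quick workaround, since the API subdomain is not accessible by any other domain, is to put the following code in the main JS file.

    // Stop helmet from sending the Cross-Origin-Resource-Policy header,
    // so pages on other origins can load this server's responses.
    app.use(
      helmet({
        crossOriginResourcePolicy: false,
      })
    );
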
That is it. After restarting the Node server, I was able to access the files in the uploads folder from the admin panel subdomain URL.
Source of a part of this solution is here.
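
The check the browser applies here, as an added example that is not part of the original post: it models how the `Cross-Origin-Resource-Policy` response header (the one `crossOriginResourcePolicy: false` stops helmet from sending) is evaluated for a no-cors load, and compares header values for the admin-panel scenario above. The hostnames are constructed, and `site()` approximates the registrable domain with the last two labels instead of the Public Suffix List.

```javascript
// Added example: models the browser's Cross-Origin-Resource-Policy (CORP)
// check for no-cors subresource loads such as <img> or <script>.
// All hostnames are constructed placeholders, not values from the post.

// Assumption: the registrable domain is the last two labels. Browsers use
// the Public Suffix List, so this shortcut is wrong for suffixes like co.uk.
function site(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// policy: "same-origin" | "same-site" | "cross-origin" | null (header absent)
function corpAllows(initiatorOrigin, resourceUrl, policy) {
  const from = new URL(initiatorOrigin);
  const to = new URL(resourceUrl);
  if (policy === null || policy === "cross-origin") return true;
  if (from.origin === to.origin) return true;
  if (policy === "same-origin") return false;
  if (policy === "same-site") {
    // An http page may not load an https resource under same-site.
    const schemeOk = from.protocol === "https:" || to.protocol !== "https:";
    return schemeOk && site(from.hostname) === site(to.hostname);
  }
  return true; // unrecognised header values are ignored by the browser
}

const ADMIN = "https://admin.example.com";              // admin panel page
const OTHER = "https://other-site.test";                // unrelated site
const FILE = "https://api.example.com/uploads/logo.png"; // uploaded file

// For each header value, can the admin panel and an unrelated site load FILE?
function compare() {
  const rows = {};
  for (const policy of ["same-origin", "same-site", null]) {
    rows[String(policy)] = {
      adminPanel: corpAllows(ADMIN, FILE, policy),
      unrelatedSite: corpAllows(OTHER, FILE, policy),
    };
  }
  return rows;
}

console.table(compare());
```

helmet's `crossOriginResourcePolicy` option also accepts `{ policy: "same-site" }`, which corresponds to the middle row: the admin subdomain can load the uploads while unrelated sites stay blocked.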