Comments (9)
@Sahillather002 Could you make a sample app that reproduces this issue?
from helmet.
index.js file
import express from 'express'
import bodyParser from 'body-parser'
import mongoose from 'mongoose'
import cors from 'cors'
import dotenv from 'dotenv'
import helmet from 'helmet'
import morgan from 'morgan'
import clientRoutes from './routes/client.js'
import generalRoutes from './routes/general.js'
import managementRoutes from './routes/management.js'
import salesRoutes from './routes/sales.js'
//configuration
dotenv.config()
const app = express()
app.use(express.json())
app.use(helmet())
app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))
app.use(morgan("common"))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended:false}))
app.use(cors())
//routes
app.use("/client",clientRoutes);
app.use("/general",generalRoutes);
app.use("/management",managementRoutes);
app.use("/sales",salesRoutes);
//mongodb setup
const PORT=process.env.PROT || 9000;
mongoose
.connect(process.env.MONGO_URL,{
useNewUrlParser:true,
useUnifiedTpology:true,
})
.then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}
));
})
.catch((error)=>console.log(${error} did not connect
));
from helmet.
This line looks like your problem:
app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))
"cross-origin" is not a supported policy. Do you mean to set it to "require-corp"?
from helmet.
Yes this line is only problem i am working on.
Well i want that cross-origin .
I don't know require-corp will do same.
from helmet.
Maybe you want the Cross-Origin-Resource-Policy header instead?
from helmet.
There hasn't been activity on this issue so I am going to close it.
Let me know if that's wrong!
from helmet.
still i got this error
throw new Error(Cross-Origin-Embedder-Policy does not support the ${JSON.stringify(policy)} policy
)
from helmet.
index.js file
import express from "express";
import bodyParser from "body-parser";
import mongoose from "mongoose";
import cors from "cors";
import dotenv from "dotenv";
import multer from "multer";
import helmet from "helmet";
import morgan from "morgan";
import path from "path";
import { fileURLToPath } from "url";
import exp from "constants";
const __filename=fileURLToPath(import.meta.url);
const __dirname=path.dirname(__filename);
dotenv.config();
const app=express();
app.use(express.json());
app.use(helmet());
// app.use(helmet.crossOriginEmbedderPolicy({ policy: "cross-origin"}));
app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))
app.use(morgan("common"));
app.use(bodyParser.json({limit:"30mb",extended:true}));
app.use(bodyParser.urlencoded({limit:"30mb",extended:true}));
app.use(cors());
app.use("/assets",express.static(path.json(__dirname,'public/assets')));
/FILE STORAGE/
const storage=multer.diskStorage({
destination: function(req, file, cb){
cb(null,"public/assets");
},
filename: function(req, file, cb){
cb(null,file.originalname);
}
});
const upload=multer(storage);
/* MONGOOS SETUP */
const PORT = process.env.PORT || 6001;
mongoose.connect(process.env.MONGO_URL,{
useNewUrlParse:true,
useUnifiedTopology:true,
}).then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}
));
}).catch((error)=>console.log(${error} did not connect
));
from helmet.
@shivmodi1203 This line looks like your problem:
app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))
There are only two valid policies: "require-corp"
and "credentialless"
. Try changing your code one of these. For example:
app.use(helmet.crossOriginEmbedderPolicy({policy: "require-corp"}));
from helmet.
Related Issues (20)
- Wiki code sample mistake HOT 1
- Error while building on local and digital ocean space HOT 3
- `Unexpected token` when importing `*.d.cts` or `*.d.mts` files from helmet HOT 1
- SSL error with Safari but not Chrome HOT 8
- RFE: Static pre-computed headers HOT 6
- Helmet not handling thrown errors HOT 2
- Cannot extract type for ContentSecurityPolicyOptions HOT 3
- Jest: Cannot find module 'helmet' or its corresponding type declarations HOT 3
- Consider limiting helmet to document requests or add a note HOT 4
- Deployment on Vercel using .mjs HOT 13
- X-Powered-By is not being removed from the haeder in default mode HOT 2
- Getting Error Type 'typeof import("/home/quophyie/projects/helmet-issue/node_modules/helmet/index")' has no call signatures when running tests with jest, ts-jest when using ESM / ECMAScript Modules HOT 12
- helmet + sanitizeFilter HOT 1
- Require Node 18+ HOT 5
- Support `unsafe-none` in `helmet.crossOriginEmbedderPolicy`? HOT 1
- Typescript required versions HOT 2
- 7.1.0 Rollup error HOT 17
- Disable HSTS headers by default on localhost HOT 9
- Error "script-src-elem" is an invalid directive HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helmet.