@Sahillather002 Could you make a sample app that reproduces this issue?

from helmet.

index.js file

import express from 'express'
import bodyParser from 'body-parser'
import mongoose from 'mongoose'
import cors from 'cors'
import dotenv from 'dotenv'
import helmet from 'helmet'
import morgan from 'morgan'
import clientRoutes from './routes/client.js'
import generalRoutes from './routes/general.js'
import managementRoutes from './routes/management.js'
import salesRoutes from './routes/sales.js'

//configuration
dotenv.config()
const app = express()
app.use(express.json())
app.use(helmet())
app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))
app.use(morgan("common"))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended:false}))
app.use(cors())

//routes
app.use("/client",clientRoutes);
app.use("/general",generalRoutes);
app.use("/management",managementRoutes);
app.use("/sales",salesRoutes);

//mongodb setup
const PORT=process.env.PROT || 9000;
mongoose
.connect(process.env.MONGO_URL,{
useNewUrlParser:true,
useUnifiedTpology:true,
})
.then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}));
})
.catch((error)=>console.log(${error} did not connect));

from helmet.

This line looks like your problem:

 app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))

"cross-origin" is not a supported policy. Do you mean to set it to "require-corp"?

from helmet.

Yes this line is only problem i am working on.
Well i want that cross-origin .
I don't know require-corp will do same.

from helmet.

Maybe you want the Cross-Origin-Resource-Policy header instead?

from helmet.

There hasn't been activity on this issue so I am going to close it.

Let me know if that's wrong!

from helmet.

still i got this error
throw new Error(Cross-Origin-Embedder-Policy does not support the ${JSON.stringify(policy)} policy)

from helmet.

index.js file

import express from "express";
import bodyParser from "body-parser";
import mongoose from "mongoose";
import cors from "cors";
import dotenv from "dotenv";
import multer from "multer";
import helmet from "helmet";
import morgan from "morgan";
import path from "path";
import { fileURLToPath } from "url";
import exp from "constants";

const __filename=fileURLToPath(import.meta.url);
const __dirname=path.dirname(__filename);
dotenv.config();
const app=express();
app.use(express.json());
app.use(helmet());
// app.use(helmet.crossOriginEmbedderPolicy({ policy: "cross-origin"}));
app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))
app.use(morgan("common"));
app.use(bodyParser.json({limit:"30mb",extended:true}));
app.use(bodyParser.urlencoded({limit:"30mb",extended:true}));
app.use(cors());
app.use("/assets",express.static(path.json(__dirname,'public/assets')));

/FILE STORAGE/
const storage=multer.diskStorage({
destination: function(req, file, cb){
cb(null,"public/assets");
},
filename: function(req, file, cb){
cb(null,file.originalname);
}
});
const upload=multer(storage);

/* MONGOOS SETUP */

const PORT = process.env.PORT || 6001;
mongoose.connect(process.env.MONGO_URL,{
useNewUrlParse:true,
useUnifiedTopology:true,
}).then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}));
}).catch((error)=>console.log(${error} did not connect));

from helmet.

@shivmodi1203 This line looks like your problem:

app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))

There are only two valid policies: "require-corp" and "credentialless". Try changing your code one of these. For example:

app.use(helmet.crossOriginEmbedderPolicy({policy: "require-corp"}));

from helmet.