const helmet = require("helmet");
app.use(helmet());
const scriptSrcUrls = [
];
const styleSrcUrls = [
"https://fonts.googleapis.com/",
];
const connectSrcUrls = [
];
const fontSrcUrls = [
"fonts.gstatic.com",
];
app.use(
helmet.contentSecurityPolicy({
directives: {
defaultSrc: [],
connectSrc: ["'self'", ...connectSrcUrls],
scriptSrc: ["'unsafe-inline'", "'self'", ...scriptSrcUrls],
styleSrc: ["'self'", "'unsafe-inline'", ...styleSrcUrls],
workerSrc: ["'self'", "blob:"],
objectSrc: [],
imgSrc: [
"'self'",
"blob:",
"data:",
"https://res.cloudinary.com/lullabay/",
"https://images.unsplash.com/",
],
fontSrc: ["'self'", ...fontSrcUrls],
},
})
);
Hi, I have a problem using Helmet.js, when the page loads, it loads without the mate image giving me this error: GET https://res.cloudinary.com/cloudinaryaccount/image/fkdlasjfladsncw net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200
at first, it gave it to me without all the images but as soon as I added crossorigin =" anonymous started "
the images have a load correctly, the same result didn't happen with the meta image.