Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Cross-Origin-Embedder-Policy does not support the "cross-origin" policy #432

Closed
EvanHahn opened this issue Jul 10, 2023 · 9 comments
Closed

Error: Cross-Origin-Embedder-Policy does not support the "cross-origin" policy #432

EvanHahn opened this issue Jul 10, 2023 · 9 comments
Labels
needs more information

Comments

@EvanHahn
Copy link
Member

Opening this for @Sahillather002 after comments in another issue.

throw new Error(Cross-Origin-Embedder-Policy does not support the ${JSON.stringify(policy)} policy)
^

Error: Cross-Origin-Embedder-Policy does not support the "cross-origin" policy
at getHeaderValueFromOptions$6 (file:///F:/project/fullapp/server/node_modules/helmet/index.mjs:120:9)
at Function.crossOriginEmbedderPolicy (file:///F:/project/fullapp/server/node_modules/helmet/index.mjs:124:22)
at file:///F:/project/fullapp/server/index.js:19:16
at ModuleJob.run (node:internal/modules/esm/module_job:198:25)
at async Promise.all (index 0)
at async ESMLoader.import (node:internal/modules/esm/loader:385:24)
at async loadESM (node:internal/process/esm_loader:88:5)
at async handleMainPromise (node:internal/modules/run_main:61:12)
[nodemon] app crashed - waiting for file changes before starting...

This is the exact error is couldn't get over it!
@EvanHahn EvanHahn mentioned this issue Jul 10, 2023
Closed
@EvanHahn
Copy link
Member Author

@Sahillather002 Could you make a sample app that reproduces this issue?

@Sahillather002
Copy link

index.js file

import express from 'express'
import bodyParser from 'body-parser'
import mongoose from 'mongoose'
import cors from 'cors'
import dotenv from 'dotenv'
import helmet from 'helmet'
import morgan from 'morgan'
import clientRoutes from './routes/client.js'
import generalRoutes from './routes/general.js'
import managementRoutes from './routes/management.js'
import salesRoutes from './routes/sales.js'

//configuration
dotenv.config()
const app = express()
app.use(express.json())
app.use(helmet())
app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))
app.use(morgan("common"))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended:false}))
app.use(cors())

//routes
app.use("/client",clientRoutes);
app.use("/general",generalRoutes);
app.use("/management",managementRoutes);
app.use("/sales",salesRoutes);

//mongodb setup
const PORT=process.env.PROT || 9000;
mongoose
.connect(process.env.MONGO_URL,{
useNewUrlParser:true,
useUnifiedTpology:true,
})
.then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}));
})
.catch((error)=>console.log(${error} did not connect));

@EvanHahn
Copy link
Member Author

This line looks like your problem:

 app.use(helmet.crossOriginEmbedderPolicy({policy:"cross-origin"}))

"cross-origin" is not a supported policy. Do you mean to set it to "require-corp"?

@Sahillather002
Copy link

Yes this line is only problem i am working on.
Well i want that cross-origin .
I don't know require-corp will do same.

@EvanHahn
Copy link
Member Author

Maybe you want the Cross-Origin-Resource-Policy header instead?

@EvanHahn
Copy link
Member Author

There hasn't been activity on this issue so I am going to close it.

Let me know if that's wrong!

@EvanHahn EvanHahn closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@shivmodi1203
Copy link

still i got this error
throw new Error(Cross-Origin-Embedder-Policy does not support the ${JSON.stringify(policy)} policy)

@shivmodi1203
Copy link

index.js file

import express from "express";
import bodyParser from "body-parser";
import mongoose from "mongoose";
import cors from "cors";
import dotenv from "dotenv";
import multer from "multer";
import helmet from "helmet";
import morgan from "morgan";
import path from "path";
import { fileURLToPath } from "url";
import exp from "constants";

const __filename=fileURLToPath(import.meta.url);
const __dirname=path.dirname(__filename);
dotenv.config();
const app=express();
app.use(express.json());
app.use(helmet());
// app.use(helmet.crossOriginEmbedderPolicy({ policy: "cross-origin"}));
app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))
app.use(morgan("common"));
app.use(bodyParser.json({limit:"30mb",extended:true}));
app.use(bodyParser.urlencoded({limit:"30mb",extended:true}));
app.use(cors());
app.use("/assets",express.static(path.json(__dirname,'public/assets')));

/FILE STORAGE/
const storage=multer.diskStorage({
destination: function(req, file, cb){
cb(null,"public/assets");
},
filename: function(req, file, cb){
cb(null,file.originalname);
}
});
const upload=multer(storage);

/* MONGOOS SETUP */

const PORT = process.env.PORT || 6001;
mongoose.connect(process.env.MONGO_URL,{
useNewUrlParse:true,
useUnifiedTopology:true,
}).then(()=>{
app.listen(PORT,()=>console.log(Server Port:${PORT}));
}).catch((error)=>console.log(${error} did not connect));

@EvanHahn
Copy link
Member Author

@shivmodi1203 This line looks like your problem:

app.use(helmet.crossOriginEmbedderPolicy({policy:"Cross-Origin-Resource-Policy"}))

There are only two valid policies: "require-corp" and "credentialless". Try changing your code one of these. For example:

app.use(helmet.crossOriginEmbedderPolicy({policy: "require-corp"}));

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs more information
Milestone
No milestone
Development

No branches or pull requests
3 participants
@EvanHahn @Sahillather002 @shivmodi1203