ERR_BLOCKED_BY_ORB with puppeteer

Question

I'm working on an Express JS API for converting base64 HTML to PDF.

I'm using Puppeteer for this conversion. Within the HTML code, there is an image hosted on a dedicated server that requires authentication. I'm encountering an issue when trying to retrieve the image from this third-party server. In Chromium with "headless: false" mode, I'm receiving these errors:

**"Failed to load resource: net::ERR_BLOCKED_BY_ORB." **

Please note that the cookie is present in Chromium.

(I'm also experiencing CORS policy problems when loading Google fonts.)

My errors here:

→ My puppeteer code :

export class PdfManager {
  async convertToPdf({ content, jwtToken }: HtmlToPdfTypes) {
    const cookie = [
      {
        name: "user",
        value: jwtToken,
        domain: ".mysubdomain.domain.com",
        httpOnly: false,
        secure: false,
        hostOnly: false,
      },
    ];

    const browser = await puppeteer.launch({
      headless: false,
      args: [
        // "--disable-web-security",
        "--no-sandbox",
      ],
    });

    const page = await browser.newPage();

    await page.setCookie(...cookie);

    const htmlContent = Buffer.from(content, "base64").toString();

    await page.setContent(htmlContent);

    const pdf = await page.pdf({
      format: "A4",
      printBackground: true,
    });

    // await browser.close();

    return pdf;
  }
}

→ My app.ts code:

const app = express();

app.use(bodyParser.json({ limit: "10mb" }));

app.use(
  bodyParser.urlencoded({
    extended: true,
    limit: "10mb",
    parameterLimit: 50000,
  })
);

app.use(express.json());

app.use(
  cors({
    credentials: true,
    origin: process.env.FRONTEND_URL,
    optionsSuccessStatus: 200,
  })
);

app.use(router);

app.use(express.static(path.join(__dirname, "../public")));

export default app;

I've tried adding Helmet, but it hasn't improved the situation. I've also attempted to use "--disable-web-security" with puppeteer.launch for testing, but I'm receiving a 403 error. I do my tests locally, and the image is stored on a Java/spring server.

Thank you for your responses.

-I tried to add Helmet dependency/ received no results. -I tried to disable web security in Chromium / received "Failed to load resource: the server responded with a status of 403 ()". -I tried using crossorigin="anonymous" in my tag / didn't work

Answer 1

For those ending up here because it's one of the few results for ERR_BLOCKED_BY_ORB: In our case, it was an API call that was supposed to reply with a response that looked like a JavaScript file, but Redis was throwing an error and so over the wire a JSON response about the error was coming. Since it didn't reply as a JS file like the call was expecting, it was blocking it under the ORB error.

Check to make sure that the response is what you think it is. We had to open the API call in a separate window to get it to show us the actual response before we realized what was happening.

Answer 2

This is a new method of reporting failed requests, in my cause an AWS S3 GET request with an expired token.

The following was found in a Chrome developer thread from October 2023

ORB "v0.2" changes error handling from silently injecting an empty response to raising a network error. Since the default is to log errors on the console this can lead to a very "spam-y" console. To resolve this, we will always report ORB network errors (ERR_BLOCKED_BY_ORB) to DevTools as an issue, and will suppress console messages for the same errors.

reference https://groups.google.com/a/chromium.org/g/loading-reviews/c/1wxIb_ScThU