To help ensure that all of your Amazon S3 buckets and objects have their public access blocked, we recommend that you turn on all four settings for Block Public Access for your account. "Cross-Origin request is blocked and it is used by some other resources" Then i download cors in project directory and put it in the server file index.js as below: To download simply type command using node.js : Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. So the origin is mentioned as null. As the behavior using the elements above is different between the browsers, either use an HTML link or JavaScript to open a window (or tab), then use this configuration to maximize the cross supports: Some cross origin requests are preflighted. It can be set to a specific domain or * for all domains (implemented by the Quiz API above). with node.js), call your backend API and then "forward" your request the public API with your secret API key. It helps isolate potentially malicious documents, reducing possible attack vectors. For example, it prevents a malicious website on the Internet from running JS in a browser to read data from a third-party webmail Stack Overflow. It is possible to request many of them directly using