Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:"
This disables the contentSecurityPolicy
middleware but keeps the rest:
app.use( helmet({ contentSecurityPolicy: false, }));