The issue you are having is within the NextJS application, which appears to have provided a ‘same origin’ content security policy (CSP) header to the browser. This will prevent any ‘fetch’ on a resource URL that lies outside the origin of your app. (In your case, that appears to be ‘localhost’.)