Request: mode property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since March 2017.
The mode read-only property of the Request
interface contains the mode of the request (e.g., cors,
no-cors, same-origin, navigate or websocket.) This is used
to determine if cross-origin requests lead to valid responses, and which properties of the response are readable.
Value
- A
RequestModevalue. -
The associated mode, available values of which are:
same-origin-
If a request is made to another origin with this mode set, the result is an error. You could use this to ensure that a request is always being made to your origin.
no-cors-
Prevents the method from being anything other than
HEAD,GETorPOST, and the headers from being anything other than CORS-safelisted request headers. If any ServiceWorkers intercept these requests, they may not add or override any headers except for those that are CORS-safelisted request headers. In addition, JavaScript may not access any properties of the resultingResponse. This ensures that ServiceWorkers do not affect the semantics of the Web and prevents security and privacy issues arising from leaking data across domains. cors-
Allows cross-origin requests, for example to access various APIs offered by 3rd party vendors. These are expected to adhere to the CORS protocol. Only a limited set of headers are exposed in the
Response, but the body is readable. -
A mode for supporting navigation. The
navigatevalue is intended to be used only by HTML navigation. A navigate request is created only while navigating between documents. websocket-
A special mode used only when establishing a WebSocket connection.
Default mode
Requests can be initiated in a variety of ways, and the mode for a request depends on the particular means by which it was initiated.
For example, when a Request object is created using the
Request() constructor, the value of the mode property
for that Request is set to cors.
However, for requests created other than by the Request()
constructor, no-cors is typically used as the mode; for example, for
embedded resources where the request is initiated from markup, unless the
crossorigin
attribute is present, the request is in most cases made using the no-cors
mode — that is, for the <link> or <script> elements
(except when used with modules), or <img>, <audio>,
<video>, <object>, <embed>, or
<iframe> elements.
Examples
In the following snippet, we create a new request using the
Request() constructor (for an image file in the same directory as
the script), then save the request mode in a variable:
const myRequest = new Request("flowers.jpg");
const myMode = myRequest.mode; // returns "cors" by default
Specifications
| Specification |
|---|
| Fetch Standard # ref-for-dom-request-mode② |
Browser compatibility
BCD tables only load in the browser