Request: mode property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since March 2017.
The mode
read-only property of the Request
interface contains the mode of the request (e.g., cors
,
no-cors
, same-origin
, navigate
or websocket
.) This is used
to determine if cross-origin requests lead to valid responses, and which properties of the response are readable.
Value
- A
RequestMode
value. -
The associated mode, available values of which are:
same-origin
-
If a request is made to another origin with this mode set, the result is an error. You could use this to ensure that a request is always being made to your origin.
no-cors
-
Prevents the method from being anything other than
HEAD
,GET
orPOST
, and the headers from being anything other than CORS-safelisted request headers. If any ServiceWorkers intercept these requests, they may not add or override any headers except for those that are CORS-safelisted request headers. In addition, JavaScript may not access any properties of the resultingResponse
. This ensures that ServiceWorkers do not affect the semantics of the Web and prevents security and privacy issues arising from leaking data across domains. cors
-
Allows cross-origin requests, for example to access various APIs offered by 3rd party vendors. These are expected to adhere to the CORS protocol. Only a limited set of headers are exposed in the
Response
, but the body is readable. -
A mode for supporting navigation. The
navigate
value is intended to be used only by HTML navigation. A navigate request is created only while navigating between documents. websocket
-
A special mode used only when establishing a WebSocket connection.
Default mode
Requests can be initiated in a variety of ways, and the mode for a request depends on the particular means by which it was initiated.
For example, when a Request
object is created using the
Request()
constructor, the value of the mode
property
for that Request
is set to cors
.
However, for requests created other than by the Request()
constructor, no-cors
is typically used as the mode; for example, for
embedded resources where the request is initiated from markup, unless the
crossorigin
attribute is present, the request is in most cases made using the no-cors
mode — that is, for the <link>
or <script>
elements
(except when used with modules), or <img>
, <audio>
,
<video>
, <object>
, <embed>
, or
<iframe>
elements.
Examples
In the following snippet, we create a new request using the
Request()
constructor (for an image file in the same directory as
the script), then save the request mode in a variable:
const myRequest = new Request("flowers.jpg");
const myMode = myRequest.mode; // returns "cors" by default
Specifications
Specification |
---|
Fetch Standard # ref-for-dom-request-mode② |
Browser compatibility
BCD tables only load in the browser