I thought same origin implies no CORS, and vice-versa. What's the difference between the two options for JavaScript's Fetch API's mode option?
Also, in the specs, it says:
Even though the default request mode is "no-cors", standards are highly discouraged from using it for new features. It is rather unsafe.
Why is it unsafe? Source: https://fetch.spec.whatwg.org/#requests
no-cors. Prevents the method from being anything other than HEAD, GET or POST, and the headers from being anything other than simple headers. If any ServiceWorkers intercept these requests, they may not add or override any headers except for those that are simple headers.
mode. The mode option is a safe-guard that prevents occasional cross-origin requests: "cors" – the default, cross-origin requests are allowed, as described in Fetch: Cross-Origin Requests; "same-origin" – cross-origin requests are forbidden; "no-cors" – only safe cross-origin requests are allowed.
With same-origin you can perform requests only to your origin, otherwise the request will result in an error.
With no-cors, you can perform requests to other origins, even if they don't set the required CORS headers, but you'll get an opaque response.
You can read more on MDN: https://developer.mozilla.org/en-US/docs/Web/API/Request/mode and https://developer.mozilla.org/en-US/docs/Web/API/Response/type.
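The difference described above, as an added example that is not part of the original answer: a simplified model of how the mode option decides what script gets back, runnable in Node without a network. The origins, the function names and the sample body are constructed for illustration, and the model assumes simple http(s) requests with no credentials, preflight or redirects.

```javascript
// Added example: simplified model of Fetch's `mode` decision, runnable in Node.
// Origins are constructed; assumes http(s) URLs, no credentials, no redirects.
const PAGE = "https://app.example"; // hypothetical origin of the calling page

// Same origin means scheme, host and port all match.
function isSameOrigin(pageOrigin, url) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Returns the Response.type script would see, "TypeError" when fetch() throws
// before sending, or "network error" when the promise rejects.
// allowOrigin: the server's Access-Control-Allow-Origin value, null if absent.
function outcome(pageOrigin, url, { mode = "cors", method = "GET", allowOrigin = null } = {}) {
  if (mode === "no-cors" && !["GET", "HEAD", "POST"].includes(method.toUpperCase())) {
    return "TypeError"; // no-cors only permits HEAD, GET or POST
  }
  if (isSameOrigin(pageOrigin, url)) return "basic"; // all three modes agree here
  switch (mode) {
    case "same-origin":
      return "network error"; // cross-origin is forbidden outright
    case "no-cors":
      return "opaque"; // request goes out, response is unreadable
    case "cors": {
      const allowed = allowOrigin === "*" || allowOrigin === new URL(pageOrigin).origin;
      return allowed ? "cors" : "network error";
    }
    default:
      throw new RangeError(`unknown mode: ${mode}`);
  }
}

// What script can observe on a response of the given type.
function observable(type, real = { status: 200, body: '{"secret":1}' }) {
  if (!["basic", "cors", "opaque"].includes(type)) throw new RangeError("no response");
  if (type === "opaque") return { type, status: 0, ok: false, body: null };
  return { type, status: real.status, ok: real.status >= 200 && real.status < 300, body: real.body };
}

// Same cross-origin URL, three modes, three different outcomes.
for (const mode of ["cors", "same-origin", "no-cors"]) {
  console.log(mode.padEnd(12), outcome(PAGE, "https://api.other.example/data", { mode }));
}
```

In a browser, checking `response.type === "opaque"` before using a response is the equivalent guard, since an opaque response reports status 0 and exposes no body or headers.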