Reputation: 26085
What's the difference between "same-origin" and "no-cors" for JavaScript's Fetch API?
I thought same origin implies no CORS, and vice-versa. What's the difference between the two options for JavaScript's Fetch API's mode option?
Also, in the specs, it says:
Even though the default request mode is "no-cors", standards are highly discouraged from using it for new features. It is rather unsafe.
Why is it unsafe? Source: https://fetch.spec.whatwg.org/#requests
Upvotes: 19
Views: 10147
Answers (1)
Reputation: 10782
With same-origin you can perform requests only to your origin, otherwise the request will result in an error.
With no-cors, you can perform requests to other origins, even if they don't set the required CORS headers, but you'll get an opaque response.
You can read more on MDN: https://developer.mozilla.org/en-US/docs/Web/API/Request/mode and https://developer.mozilla.org/en-US/docs/Web/API/Response/type.
Upvotes: 16
Related Questions
- What is the difference between Bower and npm?
- What is the difference between String.slice and String.substring?
- What is the difference between "let" and "var"?
- What is the difference between call and apply?
- Difference between ( for... in ) and ( for... of ) statements?
- No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
- What is the difference between null and undefined in JavaScript?
- What's the difference between event.stopPropagation and event.preventDefault?
- How to get the difference between two arrays in JavaScript?