Linksku Linksku - 4 months ago 11x
Javascript Question

What's the difference between "same-origin" and "no-cors" for JavaScript's Fetch API?

I thought same origin implies no CORS, and vice-versa. What's the difference between the two options for JavaScript's Fetch API's


Also, in the specs, it says:

Even though the default request mode is "no-cors", standards are
highly discouraged from using it for new features. It is rather

Why is it unsafe? Source:


With same-origin you can perform requests only to your origin, otherwise the request will result in an error.

With no-cors, you can perform requests to other origins, even if they don't set the required CORS headers, but you'll get an opaque response.

You can read more on MDN: and