HTMLScriptElement: crossOrigin property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.
The crossOrigin
property of the HTMLScriptElement
interface reflects the Cross-Origin Resource Sharing settings for the script element. For classic scripts from other origins, this controls if full error information will be exposed. For module scripts, it controls the script itself and any script it imports. See CORS settings attributes for details.
Value
A string of a keyword specifying the CORS mode to use when fetching the resource. Possible values are:
anonymous
or an empty string (""
)-
Requests sent by the
HTMLScriptElement
will use thecors
mode and thesame-origin
credentials mode. This means that CORS is enabled and credentials are sent if the resource is fetched from the same origin from which the document was loaded. use-credentials
-
Requests sent by the
HTMLScriptElement
will use thecors
mode and theinclude
credentials mode. All resources requests by the element will use CORS, regardless of which domain the fetch is from.
If the crossOrigin
property is specified with any other value, it is the same as specifying it as the anonymous
.
If the crossOrigin
property is not specified, the resource is fetched without CORS (the no-cors
mode and the same-origin
credentials mode).
Specifications
Specification |
---|
HTML Standard # dom-script-crossorigin |
Browser compatibility
BCD tables only load in the browser