-
Notifications
You must be signed in to change notification settings - Fork 22.4k
/
index.md
73 lines (54 loc) · 2.58 KB
/
index.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
---
title: "Response: redirected property"
short-title: redirected
slug: Web/API/Response/redirected
page-type: web-api-instance-property
browser-compat: api.Response.redirected
---
{{APIRef("Fetch API")}}
The read-only **`redirected`** property of the {{domxref("Response")}} interface indicates whether or not the response is the result of a request you made which was redirected.
> [!NOTE]
> Relying on redirected to filter out redirects makes it easy for a forged redirect to prevent your content from working as expected.
> Instead, you should do the filtering when you call {{domxref("Window/fetch", "fetch()")}}.
> See the example [Disallowing redirects](#disallowing_redirects), which shows this being done.
## Value
A boolean value which is `true` if the response indicates that your request was redirected.
## Examples
### Detecting redirects
Checking to see if the response comes from a redirected request is as simple as checking this flag on the {{domxref("Response")}} object.
In the code below, a textual message is inserted into an element when a redirect occurred during the fetch operation.
Note, however, that this isn't as safe as outright rejecting redirects if they're unexpected, as described under [Disallowing redirects](#disallowing_redirects) below.
The {{domxref("Response.url", "url")}} property returns the final URL after redirects.
```js
fetch("awesome-picture.jpg")
.then((response) => {
const elem = document.getElementById("warning-message-box");
elem.textContent = response.redirected ? "Unexpected redirect" : "";
// final url obtained after redirects
console.log(response.url);
return response.blob();
})
.then((imageBlob) => {
const imgObjectURL = URL.createObjectURL(imageBlob);
document.getElementById("img-element-id").src = imgObjectURL;
});
```
### Disallowing redirects
Because using redirected to manually filter out redirects can allow forgery of redirects, you should instead set the redirect mode to `"error"` in the `init` parameter when calling {{domxref("Window/fetch", "fetch()")}}, like this:
```js
fetch("awesome-picture.jpg", { redirect: "error" })
.then((response) => response.blob())
.then((imageBlob) => {
const imgObjectURL = URL.createObjectURL(imageBlob);
document.getElementById("img-element-id").src = imgObjectURL;
});
```
## Specifications
{{Specifications}}
## Browser compatibility
{{Compat}}
## See also
- [Fetch API](/en-US/docs/Web/API/Fetch_API)
- [ServiceWorker API](/en-US/docs/Web/API/Service_Worker_API)
- [HTTP access control (CORS)](/en-US/docs/Web/HTTP/CORS)
- [HTTP](/en-US/docs/Web/HTTP)