You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, this is working as intended because the default mode for fetch is 'no-cors' and that option restricts requests to using CORS-safelisted request headers, and x-api-key is not among them.
The only relevant thing that we could perhaps do in Ky would be to use a different default mode.
Interestingly, the fetch standard specifically calls out 'no-cors' as an unsafe mode, so it's definitely worth considering other options.
Even though the default requestmode is "no-cors", standards are highly discouraged from using it for new features. It is rather unsafe.
So, should we continue using the same default as fetch or should we diverge here? Personally, I'd be happy for us to use 'same-origin', which causes an explicit error to be thrown for cross origin requests instead of this magical behavior.
sholladay
changed the title
Headers not send with no-cors mode
Change the default request mode to avoid CORS confusion
Feb 23, 2022
If the mode has been set to
no-cors
the headers won't be sended.I create a example stackblitz
Normal mode
No-cors mode
The text was updated successfully, but these errors were encountered: