Package detail

whatwg-fetch

github57.6mMIT3.6.20

A window.fetch polyfill.

readme

window.fetch polyfill

The fetch() function is a Promise-based mechanism for programmatically making web requests in the browser. This project is a polyfill that implements a subset of the standard Fetch specification, enough to make fetch a viable replacement for most uses of XMLHttpRequest in traditional web applications.

Read this first
Installation
Usage
Browser Support

Read this first

If you believe you found a bug with how fetch behaves in your browser, please don't open an issue in this repository unless you are testing in an old version of a browser that doesn't support window.fetch natively. Make sure you read this entire readme, especially the Caveats section, as there's probably a known work-around for an issue you've found. This project is a polyfill, and since all modern browsers now implement the fetch function natively, no code from this project actually takes any effect there. See Browser support for detailed information.
If you have trouble making a request to another domain (a different subdomain or port number also constitutes another domain), please familiarize yourself with all the intricacies and limitations of CORS requests. Because CORS requires participation of the server by implementing specific HTTP response headers, it is often nontrivial to set up or debug. CORS is exclusively handled by the browser's internal mechanisms which this polyfill cannot influence.
This project doesn't work under Node.js environments. It's meant for web browsers only. You should ensure that your application doesn't try to package and run this on the server.
If you have an idea for a new feature of fetch, submit your feature requests to the specification's repository. We only add features and APIs that are part of the Fetch specification.

Installation

npm install whatwg-fetch --save

You will also need a Promise polyfill for older browsers. We recommend taylorhakes/promise-polyfill for its small size and Promises/A+ compatibility.

Usage

Importing

Importing will automatically polyfill window.fetch and related APIs:

import 'whatwg-fetch'

window.fetch(...)

If for some reason you need to access the polyfill implementation, it is available via exports:

import {fetch as fetchPolyfill} from 'whatwg-fetch'

window.fetch(...)   // use native browser version
fetchPolyfill(...)  // use polyfill implementation

This approach can be used to, for example, use abort functionality in browsers that implement a native but outdated version of fetch that doesn't support aborting.

For use with webpack, add this package in the entry configuration option before your application entry point:

entry: ['whatwg-fetch', ...]

HTML

fetch('/users.html')
  .then(function(response) {
    return response.text()
  }).then(function(body) {
    document.body.innerHTML = body
  })

JSON

fetch('/users.json')
  .then(function(response) {
    return response.json()
  }).then(function(json) {
    console.log('parsed json', json)
  }).catch(function(ex) {
    console.log('parsing failed', ex)
  })

Response metadata

fetch('/users.json').then(function(response) {
  console.log(response.headers.get('Content-Type'))
  console.log(response.headers.get('Date'))
  console.log(response.status)
  console.log(response.statusText)
})

Post form

var form = document.querySelector('form')

fetch('/users', {
  method: 'POST',
  body: new FormData(form)
})

Post JSON

fetch('/users', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: 'Hubot',
    login: 'hubot',
  })
})

File upload

var input = document.querySelector('input[type="file"]')

var data = new FormData()
data.append('file', input.files[0])
data.append('user', 'hubot')

fetch('/avatars', {
  method: 'POST',
  body: data
})

Caveats

The Promise returned from fetch() won't reject on HTTP error status even if the response is an HTTP 404 or 500. Instead, it will resolve normally, and it will only reject on network failure or if anything prevented the request from completing.
For maximum browser compatibility when it comes to sending & receiving cookies, always supply the credentials: 'same-origin' option instead of relying on the default. See Sending cookies.
Not all Fetch standard options are supported in this polyfill. For instance, redirect and cache directives are ignored.
keepalive is not supported because it would involve making a synchronous XHR, which is something this project is not willing to do. See issue #700 for more information.

Handling HTTP error statuses

To have fetch Promise reject on HTTP error statuses, i.e. on any non-2xx status, define a custom response handler:

function checkStatus(response) {
  if (response.status >= 200 && response.status < 300) {
    return response
  } else {
    var error = new Error(response.statusText)
    error.response = response
    throw error
  }
}

function parseJSON(response) {
  return response.json()
}

fetch('/users')
  .then(checkStatus)
  .then(parseJSON)
  .then(function(data) {
    console.log('request succeeded with JSON response', data)
  }).catch(function(error) {
    console.log('request failed', error)
  })

Sending cookies

For CORS requests, use credentials: 'include' to allow sending credentials to other domains:

fetch('https://example.com:1234/users', {
  credentials: 'include'
})

The default value for credentials is "same-origin".

The default for credentials wasn't always the same, though. The following versions of browsers implemented an older version of the fetch specification where the default was "omit":

Firefox 39-60
Chrome 42-67
Safari 10.1-11.1.2

If you target these browsers, it's advisable to always specify credentials: 'same-origin' explicitly with all fetch requests instead of relying on the default:

fetch('/users', {
  credentials: 'same-origin'
})

Note: due to limitations of XMLHttpRequest, using credentials: 'omit' is not respected for same domains in browsers where this polyfill is active. Cookies will always be sent to same domains in older browsers.

Receiving cookies

As with XMLHttpRequest, the Set-Cookie response header returned from the server is a forbidden header name and therefore can't be programmatically read with response.headers.get(). Instead, it's the browser's responsibility to handle new cookies being set (if applicable to the current URL). Unless they are HTTP-only, new cookies will be available through document.cookie.

Redirect modes

The Fetch specification defines these values for the redirect option: "follow" (the default), "error", and "manual".

Due to limitations of XMLHttpRequest, only the "follow" mode is available in browsers where this polyfill is active.

Obtaining the Response URL

Due to limitations of XMLHttpRequest, the response.url value might not be reliable after HTTP redirects on older browsers.

The solution is to configure the server to set the response HTTP header X-Request-URL to the current URL after any redirect that might have happened. It should be safe to set it unconditionally.

# Ruby on Rails controller example
response.headers['X-Request-URL'] = request.url

This server workaround is necessary if you need reliable response.url in Firefox < 32, Chrome < 37, Safari, or IE.

Aborting requests

This polyfill supports the abortable fetch API. However, aborting a fetch requires use of two additional DOM APIs: AbortController and AbortSignal. Typically, browsers that do not support fetch will also not support AbortController or AbortSignal. Consequently, you will need to include an additional polyfill for these APIs to abort fetches:

import 'yet-another-abortcontroller-polyfill'
import {fetch} from 'whatwg-fetch'

// use native browser implementation if it supports aborting
const abortableFetch = ('signal' in new Request('')) ? window.fetch : fetch

const controller = new AbortController()

abortableFetch('/avatars', {
  signal: controller.signal
}).catch(function(ex) {
  if (ex.name === 'AbortError') {
    console.log('request aborted')
  }
})

// some time later...
controller.abort()

Browser Support

Chrome
Firefox
Safari 6.1+
Internet Explorer 10+

Note: modern browsers such as Chrome, Firefox, Microsoft Edge, and Safari contain native implementations of window.fetch, therefore the code from this polyfill doesn't have any effect on those browsers. If you believe you've encountered an error with how window.fetch is implemented in any of these browsers, you should file an issue with that browser vendor instead of this project.

changelog

Changelog

All notable changes to this project will be documented in this file. Dates are displayed in UTC.

3.6.20 (2023-12-13)

Bug Fixes

Response.error().ok === false (#1412) (27e1c75)

3.6.19 (2023-09-11)

Bug Fixes

Have unique error messages for xhr timeouts and errors (#1380) (7170f0b)

v3.6.18

Fix - File fetching broken since commit 0c1d2b9 #1375
Remove broken links 1dc07c6
automatically generate a changelog 0e7d1dd

v3.6.17

Revert "Resolves https://github.com/JakeChampion/fetch/issues/928" #928

v3.6.16

Resolves https://github.com/JakeChampion/fetch/issues/928 #928

v3.6.15

fix https://github.com/JakeChampion/fetch/issues/997 #997

v3.6.14

Fix https://github.com/JakeChampion/fetch/issues/1076 #1076

v3.6.13

respect charset within readBlobAsText #1059

v3.6.12

fix: Headers only accepts array which have nested array of length 2 #1235

v3.6.11

Define Body.arrayBuffer even if support.blob is false #992

v3.6.10

use globals if they exist dffc542

v3.6.9

fix: when no body supplied, do not set bodyUsed to true 7d92dff

v3.6.8

validate status is in range #1213

v3.6.7

dont shadow global #1026
dont use github eslint 408d3b6
remove invalid-headers test e3f6590
Update lock.yml permissions e97321b

v3.6.6

fix: ignore not throw on invalid response headers #930

v3.6.5

Add some missed methods which should be normalized as uppercase a43b628
Update caniuse link to use HTTPS and new pattern fb5b0cf

v3.6.4

always set a signal on Request d1d09fb

v3.6.3

Compatible global equals to the false 7727e50

v3.6.2

Revert "Represent non-stringified JSON request body as an [object Object] string" e42f201

v3.6.1

Fix MSIE compatibility da97bdb
use var instead of const 5d3952d
Restore package.json 6b4bd97

v3.6.0

Fix statusText: undefined should give '' and null should give 'null' b5c8bd0
Represent non-stringified JSON request body as an [object Object] string 5c6b055
Fix eslint and eslint-plugin-github dependency conflicts 190e698

v3.5.0

Fixes #748 #748
Create lock.yml 8767781

v3.4.1

Add npmignore file to ensure we always publish the dist directory 7ca02eb
Make the clean task remove the dist directory and the default task create it fd23745

v3.4.0

Use globalThis as the global object if it exists 96c2651

v3.3.1

rename variable to no longer shadow over function of same name c5db762
remove semicolon to pass linting f264aa5

v3.3.0

Make Response.arrayBuffer() always resolve with a ArrayBuffer #801
Stop using top-level this to stop rollup warning #802
Recommend an AbortController polyfill which is fully synchronous #800
Add keepalive caveat #780
Throw a TypeError if Request or Response functions are called without new 5ef028d
If headers are passed in via a Record then do not normalise the header names as part of the request b65ed60
Update fetch.js 37b55c2

v3.2.0

Detect if DOMException exists via typeof instead of trying to call it and catching the exception which may get thrown #724
use this if self is not defined #657
create variable called global which is either self or this a0783a5
Add support for no-cache and no-store via a cache-busting querystring parameter a0dcd85
make global this correct when using rollup 6e9fc0e