Why not all headers can be found in fetch's response?

Question

I'm trying to intercept Set-Cookie response header from fetch's response:

fetch('https://upload.wikimedia.org/wikipedia/commons/4/47/PNG_transparency_demonstration_1.png', {	method: 'get' }).then(function(response) { for (var pair of response.headers.entries()) { console.log(`${pair[0]}: ${pair[1]}`); } });

But not all of the headers (as can be seen in developer tools' network) can be found in there! Why is that? Is there any way I can get the header I'm looking for?

Just for clarification, I'm not looking for the cookie but I'm interested to know when the Set-Cookie header is sent.

Fetch API cannot load https://google.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.google.com' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. — guest271314
– guest271314, Commented Sep 24, 2016 at 4:01
@guest271314 That's because I could not find any website with Access-Control-Allow-Origin: *. If you know any, please tell me. — Mehran
– Mehran, Commented Sep 24, 2016 at 4:03

TomLingham · Accepted Answer · 2016-09-24 04:06:37Z

You cannot read the Set-Cookie header as it is declared as forbidden. The fetch polyfill on github provides a reasonable explanation:

Like with XMLHttpRequest, the Set-Cookie response header returned from the server is a forbidden header name and therefore can't be programatically read with response.headers.get(). Instead, it's the browser's responsibility to handle new cookies being set (if applicable to the current URL). Unless they are HTTP-only, new cookies will be available through document.cookie.

https://github.com/github/fetch#receiving-cookies

Collectives™ on Stack Overflow

Why not all headers can be found in fetch's response?

1 Answer 1

Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Linked

Related