ThecrossOrigin property of theHTMLScriptElement interface reflects theCross-Origin Resource Sharing settings for the script element. For classic scripts from otherorigins, this controls if full error information will be exposed. For module scripts, it controls the script itself and any script it imports. SeeCORS settings attributes for details.

Value

A string of a keyword specifying the CORS mode to use when fetching the resource. Possible values are:

anonymous or an empty string ("")

Requests sent by theHTMLScriptElement will use thecorsmode and thesame-origincredentials mode. This means that CORS is enabled and credentials are sentif the resource is fetched from the same origin from which the document was loaded.

use-credentials

Requests sent by theHTMLScriptElement will use thecorsmode and theincludecredentials mode. All resources requests by the element will use CORS, regardless of which domain the fetch is from.

If thecrossOrigin property is specified with any other value, it is the same as specifying it as theanonymous.

If thecrossOrigin property is not specified, the resource is fetched without CORS (theno-corsmode and thesame-origincredentials mode).

Specifications

Browser compatibility

See also

• HTMLImageElement.crossOrigin
• HTMLLinkElement.crossOrigin
• HTMLMediaElement.crossOrigin