Draft This page is not complete.
The crossorigin attribute, valid on the <audio>
, <img>
, <link>
, <script>
, and <video>
elements, provides support for CORS, defining how the element handles crossorigin requests, thereby enabling the configuration of the CORS requests for the element's fetched data. Depending on the element, the attribute can be a CORS settings attribute.
The crossorigin
content attribute on media elements is a CORS settings attribute.
These attributes are enumerated, and have the following possible values:
Keyword | Description |
anonymous
|
CORS requests for this element will have the credentials flag set to 'same-origin'. |
use-credentials
|
CORS requests for this element will have the credentials flag set to 'include'. |
""
|
Setting the attribute name to an empty value, like crossorigin or crossorigin="" , is the same as anonymous .
|
By default (that is, when the attribute is not specified), CORS is not used at all. The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication as described in the Terminology section of the CORS specification, unless it is in the same origin.
An invalid keyword and an empty string will be handled as the anonymous
keyword.
Prior to Firefox 83 the crossorigin
attribute was not supported for rel="icon"
there is also an open issue for Chrome.
Example: crossorigin with the script element
You can use the following <script>
element to tell a browser to execute the https://example.com/example-framework.js
script without sending user-credentials.
<script src="https://example.com/example-framework.js" crossorigin="anonymous"></script>
Example: Webmanifest with credentials
The use-credentials
value must be used when fetching a manifest that requires credentials, even if the file is from the same origin.
<link rel="manifest" href="/app.webmanifest" crossorigin="use-credentials">
Specifications
Specification | Status | Comment |
---|---|---|
HTML Living StandardThe definition of 'CORS settings attributes' in that specification. | Living Standard | |
HTML Living StandardThe definition of 'crossorigin' in that specification. | Living Standard |
Browser compatibility
<script crossorigin>
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
crossorigin
|
Chrome
Full support 30 |
Edge
Full support ≤18 |
Firefox
Full support 13 |
IE
No support No |
Opera
Full support 12 |
Safari Full support Yes Full support Yes Notes' The |
WebView Android
Full support Yes |
Chrome Android
Full support Yes |
Firefox Android
Full support 14 |
Opera Android
? |
Safari iOS
? |
Samsung Internet Android
Full support Yes |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
- See implementation notes.'
- See implementation notes.
<video crossorigin>
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
crossorigin
|
Chrome
? |
Edge
Full support ≤18 |
Firefox
Full support 12 |
IE
? |
Opera
? |
Safari
? |
WebView Android
? |
Chrome Android
? |
Firefox Android
Full support 14 |
Opera Android
? |
Safari iOS
? |
Samsung Internet Android
? |
Legend
- Full support
- Full support
- Compatibility unknown
- Compatibility unknown
<link crossorigin>
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
crossorigin
|
Chrome
Full support 25 |
Edge
Full support 79 |
Firefox
Full support 18 |
IE
No support No |
Opera
Full support 15 |
Safari
? |
WebView Android
Full support 37 |
Chrome Android
Full support Yes |
Firefox Android
Full support 18 |
Opera Android
? |
Safari iOS
? |
Samsung Internet Android
Full support Yes |
Legend
- Full support
- Full support
- No support
- No support
- Compatibility unknown
- Compatibility unknown
See also
HTML attribute: crossorigin by Mozilla Contributors is licensed under CC-BY-SA 2.5.