LLMpediaThe first transparent, open encyclopedia generated by LLMs

WHATWG Fetch Living Standard

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Cache API Hop 4
Expansion Funnel Raw 57 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted57
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
WHATWG Fetch Living Standard
TitleWHATWG Fetch Living Standard
StatusLiving standard
Initial release2014
MaintainerWHATWG
ScopeHTTP requests for web applications

WHATWG Fetch Living Standard

The WHATWG Fetch Living Standard is a continuously updated specification that defines the [Fetch API] interface used to perform network requests in web platforms and scripting environments. It specifies request and response objects, streaming, CORS behavior, and related algorithms for use by Mozilla Corporation, Google LLC, Apple Inc., and Microsoft Corporation implementers, and is referenced by standards bodies such as the World Wide Web Consortium and the Internet Engineering Task Force. The document coordinates behavior across implementations like Firefox, Chromium, WebKit, and environments like Node.js and Deno.

Overview

The Fetch specification formalizes the behavior of the Fetch API for developers building applications that interact with resources over Hypertext Transfer Protocol and HTTP/2, and extends concepts from predecessors like XMLHttpRequest and the HTML Living Standard. It defines objects such as Request, Response, Headers, and Body, as well as streaming primitives connected to ReadableStream and WritableStream from the Streams specification. Major web platform efforts and organizations including WHATWG, W3C, IETF HTTP Working Group, Google Chrome Team, Mozilla Developer Network, and ECMA International reference or implement the specification.

History and Development

The Fetch specification originated as a more modern alternative to XMLHttpRequest with roots in discussions among engineers at Mozilla Corporation, Google LLC, and Microsoft Corporation around 2012–2014. Influential contributors and organizations such as WHATWG, W3C, IETF, Apple Inc., and browser projects like Blink and Gecko iterated on drafts to align behavior across Chrome, Firefox, and Safari. The specification evolved through collaboration documented on platforms like GitHub and through standardization dialogues involving individuals from ECMA International and server-side runtime projects such as Node.js Foundation and Deno Land.

Core Concepts and Architecture

Fetch centers on several core abstractions: the Request and Response objects, header management via Headers, and body handling using stream abstractions from the Streams standard. It integrates with networking protocols including Hypertext Transfer Protocol and HTTP/2, and with security models such as Cross-Origin Resource Sharing and Same-Origin Policy. The architecture describes algorithms for request/response lifecycle, caching interactions with HTTP cache semantics, redirects, and error handling that interact with other web platform features like Service Workers, WebSocket, and Content Security Policy.

API Specification and Features

The specification defines constructors and methods such as fetch(), Request(), and Response(), plus helper behaviors for blob and form-data integration tied to File API and FormData. It prescribes streaming behaviors interoperable with the Streams specification, enabling features used by Service Workers for offline capabilities and by web applications leveraging Progressive Web App patterns. Fetch also addresses byte-range handling, multipart responses, and integration with signing and authentication schemes interoperable with OAuth 2.0, SAML, and TLS mechanisms from OpenSSL and BoringSSL stacks.

Security and Privacy Considerations

The document specifies security-sensitive algorithms addressing Cross-Origin Resource Sharing, Same-Origin Policy, Content Security Policy, and mixed-content handling to mitigate threats identified by communities around OWASP and standards bodies like IETF and W3C Security Community Group. It constrains credential mode behaviors for cookies and HTTP authentication to align with practices from RFC 6454 and privacy proposals advocated by projects at Mozilla Foundation and Electronic Frontier Foundation. It also discusses timing attacks and fingerprinting risks researched by academics associated with institutions such as MIT, Stanford University, and University of California, Berkeley.

Implementations and Browser Support

Major engine implementations include Chromium (via Blink), Firefox (via Gecko), and WebKit (used by Safari), with server and runtime support in Node.js, Deno, and Cloudflare Workers. The spec’s behavior is tested against suites maintained by W3C Test Suite contributors and interoperability efforts coordinated on GitHub and in working groups involving WHATWG and W3C. Browser vendors like Google LLC, Mozilla Corporation, Apple Inc., and Microsoft Corporation track Fetch behavior through coordinated releases of Chrome, Firefox, Safari, and Edge respectively.

Fetch interacts closely with other web standards including the HTML Living Standard, the Streams specification, the Service Workers specification, the WebSocket standard, and networking protocols developed by the IETF HTTP Working Group such as HTTP/2 and HTTP/3. It complements security and privacy efforts like Content Security Policy and Cross-Origin Resource Sharing and is referenced in developer-facing platforms and ecosystems maintained by ECMA International, W3C, WHATWG, and major open-source projects including Node.js and Chromium.

Category:Web APIs