antipattern performance

sync-xhr

The sync-xhr policy controls whether synchronous requests can be made through the XMLHttpRequest API.

If disallowed in a document, then calls to send() on XMLHttpRequest objects with the synchronous flag set will fail, causing a NetworkError DOMException to be thrown.

How to apply this policy

Send the following HTTP header to control the sync-xhr policy, and disallow it on all origins:

Feature-Policy: sync-xhr 'none'

Affected use case example

JavaScript

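const xhr = new XMLHttpRequest();
// Third argument false = synchronous request
xhr.open('GET', '/test-assets/simple-text.txt', false);
// Throws a NetworkError DOMException when sync-xhr is disallowed
xhr.send();
document.body.innerHTML = xhr.response;
// Only reached if the synchronous request was permitted
DemoUtils.reportDemoResult(true);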
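
The following is an added example, not part of the original page or its demo code. It performs the same synchronous GET as the demo and reports whether a NetworkError can be attributed to the sync-xhr policy. The names classifySyncXhr and makeFakeXHR are hypothetical, the fake objects are constructed so it runs outside a browser, and document.featurePolicy.allowsFeature() is Chromium's Feature Policy introspection API, which this page does not mention.

```javascript
// Added example: attribute a failed synchronous XHR to the sync-xhr policy.
// classifySyncXhr and makeFakeXHR are hypothetical names, not the page's code.
function classifySyncXhr(url, XHR = globalThis.XMLHttpRequest,
                         doc = globalThis.document) {
  // document.featurePolicy exists only in Chromium-based browsers; elsewhere
  // the policy state is unknown (null).
  const fp = doc && doc.featurePolicy;
  const allowed = fp && typeof fp.allowsFeature === 'function'
    ? Boolean(fp.allowsFeature('sync-xhr'))
    : null;

  const xhr = new XHR();
  xhr.open('GET', url, false); // false = synchronous, as in the demo
  try {
    xhr.send();
  } catch (err) {
    if (!err || err.name !== 'NetworkError') throw err;
    // A synchronous send() also throws NetworkError on a real network
    // failure, so the exception alone does not prove a policy block.
    const reason = allowed === false ? 'blocked-by-policy'
      : allowed === true ? 'network-error'
      : 'policy-or-network';
    return { ok: false, reason };
  }
  return { ok: true, status: xhr.status, text: xhr.responseText };
}

// Constructed stand-in for XMLHttpRequest so the example runs outside a browser.
function makeFakeXHR(failSync) {
  return class FakeXHR {
    open(method, url, isAsync) { this.isAsync = isAsync; }
    send() {
      if (failSync && this.isAsync === false) {
        const err = new Error('synchronous request failed');
        err.name = 'NetworkError';
        throw err;
      }
      this.status = 200;
      this.responseText = 'simple text';
    }
  };
}

// Constructed policy object mimicking a document served with sync-xhr 'none'.
const blockedDoc = { featurePolicy: { allowsFeature: (f) => f !== 'sync-xhr' } };
console.log(classifySyncXhr('/test-assets/simple-text.txt', makeFakeXHR(true), blockedDoc));
```

In a page, call classifySyncXhr(url) with no further arguments so the browser's own XMLHttpRequest and document are used.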


Does it work?

Currently Firefox and Chromium-based browsers, such as Google Chrome, Samsung Internet, and Opera, are the only user agents to support Feature Policy. The minimum version of each browser that correctly recognises the sync-xhr policy is:

Mozilla Firefox: Not supported
Google Chrome: 65+
Microsoft Edge: Not supported
Apple Safari: Not supported
