Use of httpservletrequest get body

Using fetch

The Fetch API provides a JavaScript interface for accessing and manipulating parts of the HTTP pipeline, such as requests and responses. It also provides a global method that provides an easy, logical way to fetch resources asynchronously across the network.

This kind of functionality was previously achieved using. Fetch provides a better alternative that can be easily used by other technologies such as. Fetch also provides a single logical place to define other HTTP-related concepts such as CORS and extensions to HTTP.

The specification differs from in the following significant ways:

  • The Promise returned from won't reject on HTTP error status even if the response is an HTTP 404 or 500. Instead, as soon as the server responds with headers, the Promise will resolve normally (with the property of the response set to false if the response isn't in the range 200-299) , and it will only reject on network failure or if anything prevented the request from completing.
  • won't send cross-origin cookies unless you set the credentialsinit option. (Since April 2018. The spec changed the default credentials policy to. Firefox changed since 61.0b13.)

A basic fetch request is really simple to set up. Have a look at the following code:

Here we are fetching a JSON file across the network and printing it to the console. The simplest use of takes one argument - the path to the resource you want to fetch - and returns a promise containing the response (an object).

This is just an HTTP response, not the actual JSON. To extract the JSON body content from the response, we use the method (defined on the mixin, which is implemented by both the and objects.)


The Body mixin also has similar methods to extract other types of body content; see the Body section for more.

Fetch requests are controlled by the directive of Content Security Policy rather than the directive of the resources it's retrieving.

Supplying request options

The method can optionally accept a second parameter, an object that allows you to control a number of different settings:

See for the full options available, and more details.

Note that only allows a limited set of headers in the request:

  • with a value of,, or

Sending a request with credentials included

To cause browsers to send a request with credentials included on both same-origin and cross-origin calls, add to the object you pass to the method.


is prohibited from using a wildcard for requests with. In such cases, the exact origin must be provided; even if you are using a CORS unblocker extension, the requests will still fail.

If you only want to send credentials if the request URL is on the same origin as the calling script, add.

To instead ensure browsers don’t include credentials in the request, use.

Uploading JSON data

Use to POST JSON-encoded data.

Uploading a file

Files can be uploaded using an HTML input element, and.

Uploading multiple files

Files can be uploaded using an HTML input element, and.

Processing a text file line by line

The chunks that are read from a response are not broken neatly at line boundaries and are Uint8Arrays, not strings. If you want to fetch a text file and process it line by line, it is up to you to handle these complications. The following example shows one way to do this by creating a line iterator (for simplicity, it assumes the text is UTF-8, and doesn't handle fetch errors).

Checking that the fetch was successful

A promise will reject with a when a network error is encountered or CORS is misconfigured on the server-side, although this usually means permission issues or similar - a 404 does not constitute a network error, for example. An accurate check for a successful would include checking that the promise resolved, then checking that the property has a value of true. The code would look something like this:

Supplying your own request object

Instead of passing a path to the resource you want to request into the call, you can create a request object using the constructor, and pass that in as a method argument:

accepts exactly the same parameters as the method. You can even pass in an existing request object to create a copy of it:

This is pretty useful, as request and response bodies are one use only. Making a copy like this allows you to make use of the request / response again while varying the options if desired. The copy must be made before the body is read, and reading the body in the copy will also mark it as read in the original request.


There is also a method that creates a copy. Both methods of creating a copy will fail if the body of the original request or response has already been read, but reading the body of a cloned response or request will not cause it to be marked as read in the original.


The interface allows you to create your own headers object via the constructor. A headers object is a simple multi-map of names to values:

The same can be achieved by passing an array of arrays or an object literal to the constructor:

The contents can be queried and retrieved:

Some of these operations are only useful in, but they provide a much nicer API for manipulating headers.

All of the Headers methods throw a if a header name is used that is not a valid HTTP header name. The mutation operations will throw a if there is an immutable guard (see below). Otherwise, they fail silently. For example:

A good use case for headers is checking whether the content type is correct before you process it further. For example:


Since headers can be sent in requests and received in responses, and have various limitations about what information can and should be mutable, headers' objects have a guard property. This is not exposed to the web, but it affects which mutation operations are allowed on the headers object.

Possible guard values ​​are:

  • : default.
  • : guard for a headers object obtained from a request ().
  • : guard for a headers object obtained from a request created with.
  • : guard for a headers object obtained from a response ().
  • : guard that renders a headers object read-only; mostly used for ServiceWorkers.


You may not append or set the header on a guarded headers object for a. Similarly, inserting into a response header is not allowed: ServiceWorkers are not allowed to set cookies via synthesized responses.

Response objects

As you have seen above, instances are returned when promises are resolved.

The most common response properties you'll use are:

  • - An integer (default value 200) containing the response status code.
  • - A string (default value ""), which corresponds to the HTTP status code message. Note that HTTP / 2 does not support status messages.
  • - seen in use above, this is a shorthand for checking that status is in the range 200-299 inclusive. This returns a.

They can also be created programmatically via JavaScript, but this is only really useful in, when you are providing a custom response to a received request using a method:

The constructor takes two optional arguments - a body for the response, and an init object (similar to the one that accepts.)


The static method returns an error response. Similarly, returns a response resulting in a redirect to a specified URL. These are also only relevant to Service Workers.


Both requests and responses may contain body data. A body is an instance of any of the following types:

The mixin defines the following methods to extract a body (implemented by both and). These all return a promise that is eventually resolved with the actual content.

This makes usage of non-textual data much easier than it was with XHR.

Request bodies can be set by passing body parameters:

Both request and response (and by extension the function), will try to intelligently determine the content type. A request will also automatically set a header if none is set in the dictionary.

Feature detection

Fetch API support can be detected by checking for the existence of,, or on the or scope. For example:


To use Fetch in unsupported browsers, there is a Fetch Polyfill available that recreates the functionality for non-supporting browsers.


FetchLiving standardInitial definition

Browser compatibility

BCD tables only load in the browser

So see