This is precisely as the documentation says it should be:
no-cors
— Prevents the method from being anything other than HEAD, GET or POST, and the headers from being anything other than simple headers. ... In addition, JavaScript may not access any properties of the resulting Response. This ... prevents security and privacy issues arising from leaking data across domains.
Specifying
mode:'no-cors'
is
not a magic bullet to circumvent the cross-origin restrictions specified by the target site.
Unless you can get the cooperation of the owners of the target site, you will need to create a proxy script on your own server to request the remote resource.