The credentials
read-only property of the Request
interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
The credentials
read-only property of the Request
interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
A RequestCredentials
dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:
omit
Never send or receive cookies.
same-origin
Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include
Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
This is similar to XHR's withCredentials
flag, but with three available values instead of two.
In the following snippet, we create a new request using the Request()
constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
js
const myRequest = new Request("flowers.jpg"); const myCred = myRequest.credentials; // returns "same-origin" by default
Specification |
---|
Fetch Standard # ref-for-dom-request-credentials② |
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
credentials |
40 | 14 | 39 | No | 27 | 10.1 | 40 | 40 | 39 | 27 | 10.3 | 4.0 |
default_same-origin |
72 | 18 | 61 | No | 55 | 12.1 | 72 | 72 | 61 | No | 12.2 | 11.0 |
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials