W3cubDocs

/Web APIs

Request: credentials property

The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.

Value

A RequestCredentials dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:

omit

Never send or receive cookies.

same-origin

Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.

include

Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.

This is similar to XHR's withCredentials flag, but with three available values instead of two.

Examples

In the following snippet, we create a new request using the Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:

js

const myRequest = new Request("flowers.jpg");
const myCred = myRequest.credentials; // returns "same-origin" by default

Specifications

Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
credentials 40 14 39 No 27 10.1 40 40 39 27 10.3 4.0
default_same-origin 72 18 61 No 55 12.1 72 72 61 No 12.2 11.0

See also

© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials