The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
A RequestCredentials dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:
omitNever send or receive cookies.
same-originSend user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
includeAlways send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
This is similar to XHR's withCredentials flag, but with three available values instead of two.
In the following snippet, we create a new request using the Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
js
const myRequest = new Request("flowers.jpg"); const myCred = myRequest.credentials; // returns "same-origin" by default
| Specification |
|---|
| Fetch Standard # ref-for-dom-request-credentials② |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
credentials |
40 | 14 | 39 | No | 27 | 10.1 | 40 | 40 | 39 | 27 | 10.3 | 4.0 |
default_same-origin |
72 | 18 | 61 | No | 55 | 12.1 | 72 | 72 | 61 | No | 12.2 | 11.0 |
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials