Request: credentials property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since March 2017.
The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
Value
A RequestCredentials dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:
omit-
Never send or receive cookies.
same-origin-
Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include-
Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
This is similar to XHR's withCredentials flag, but with three available values instead of two.
Examples
In the following snippet, we create a new request using the Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
const myRequest = new Request("flowers.jpg");
const myCred = myRequest.credentials; // returns "same-origin" by default
Specifications
| Specification |
|---|
| Fetch Standard # ref-for-dom-request-credentials② |
Browser compatibility
| desktop | mobile | server | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
credentials | ||||||||||||
Default value same-origin | ||||||||||||