The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.
Request: credentials property
Value
A RequestCredentials dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:
-
omit -
Never send or receive cookies.
-
same-origin -
Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
-
include -
Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
This is similar to XHR's withCredentials flag, but with three available values instead of two.
Examples
In the following snippet, we create a new request using the Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
js
const myRequest = new Request("flowers.jpg");
const myCred = myRequest.credentials; // returns "same-origin" by default
Specifications
| Specification |
|---|
| Fetch Standard # ref-for-dom-request-credentials② |
Browser compatibility
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
credentials |
40 | 14 | 39 | No | 27 | 10.1 | 40 | 40 | 39 | 27 | 10.3 | 4.0 |
default_same-origin |
72 | 18 | 61 | No | 55 | 12.1 | 72 | 72 | 61 | No | 12.2 | 11.0 |
See also
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials