The credentials
read-only property of the Request
interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests. This is similar to XHR’s withCredentials
flag, but with three available values (instead of two):
omit
: Never send cookies.same-origin
: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script.include
: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
Syntax
var myCred = request.credentials;
Value
A RequestCredentials
value.
Example
In the following snippet, we create a new request using the Request.Request()
constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
var myRequest = new Request('flowers.jpg'); var myCred = myRequest.credentials; // returns "omit" by default
Specifications
Specification | Status | Comment |
---|---|---|
Fetch The definition of 'credentials' in that specification. |
Living Standard | Initial definition |
Browser compatibility
Feature | Chrome | Edge | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
---|---|---|---|---|---|---|
Basic support | 42 41[1] |
(Yes) | 39 (39) 34[1] |
No support |
29 |
No support |
Feature | Android | Edge | Firefox Mobile (Gecko) | Firefox OS (Gecko) | IE Phone | Opera Mobile | Safari Mobile | Chrome for Android |
---|---|---|---|---|---|---|---|---|
Basic support | No support | (Yes) | No support | No support | No support | No support | No support | No support |
[1] This feature is implemented behind a preference.
See also
Document Tags and Contributors
Tags:
Contributors to this page:
nootanghimire,
katsuraku,
chrisdavidmills,
abbycar,
Sebastianz,
jpmedley,
kscarfone
Last updated by:
nootanghimire,