credentials read-only property of the
Request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests. This is similar to XHR’s
withCredentials flag, but with three available values (instead of two):
omit: Never send cookies.
same-origin: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
var myCred = request.credentials;
RequestCredentials value representing the credentials to use for this transaction.
In the following snippet, we create a new request using the
Request.Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
var myRequest = new Request('flowers.jpg'); var myCred = myRequest.credentials; // returns "same-origin" by default
The definition of 'credentials' in that specification.
|Living Standard||Initial definition|
|Default value ||?||?||61||No||?||No|
|Feature||Android webview||Chrome for Android||Edge mobile||Firefox for Android||Opera Android||iOS Safari||Samsung Internet|
|Basic support||No||42 — 46||Yes||No||No||No||4.0|
|Default value ||?||?||?||No||No||No||?|
1. From version 41: this feature is behind the
Experimental Web Platform Features preference. To change preferences in Chrome, visit chrome://flags.
2. From version 34: this feature is behind the
dom.fetch.enabled preference. To change preferences in Firefox, visit about:config.
3. From version 28: this feature is behind the
Experimental Web Platform Features preference.