Request.credentials

This is an experimental technology
Because this technology's specification has not stabilized, check the compatibility table for usage in various browsers. Also note that the syntax and behavior of an experimental technology is subject to change in future versions of browsers as the specification changes.

The credentials read-only property of the Request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests. This is similar to XHR’s withCredentials flag, but with three available values (instead of two):

  • omit: Never send cookies.
  • same-origin: Only send cookies if the URL is on the same origin as the calling script.
  • include: Always send cookies, even for cross-origin calls.

Syntax

var myCred = request.credentials;

Value

A RequestCredentials value.

Example

In the following snippet, we create a new request using the Request.Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:

var myRequest = new Request('flowers.jpg');
var myCred = myRequest.credentials; // returns "omit" by default

Specifications

Specification Status Comment
Fetch
The definition of 'credentials' in that specification.
Living Standard Initial definition

Browser compatibility

Feature Chrome Firefox (Gecko) Internet Explorer Opera Safari (WebKit)
Basic support 42
41[1]
39 (39)
34[1]
No support

29
28[1]

No support
Feature Android Firefox Mobile (Gecko) Firefox OS (Gecko) IE Phone Opera Mobile Safari Mobile Chrome for Android
Basic support No support No support No support No support No support No support No support

[1] This feature is implemented behind a preference.

See also

Document Tags and Contributors

 Contributors to this page: Sebastianz, chrisdavidmills, jpmedley, kscarfone
 Last updated by: Sebastianz,