
The XMLHttpRequest.withCredentials property holds a Boolean value that indicates whether or not cross-site Access-Control requests should be made using credentials (such as cookies, authorization headers, or TLS client certificates). This property has no effect on same-site requests.

This flag is also used to indicate when cookies are to be ignored in the response. The default is false. XMLHttpRequest responses from a different domain cannot set cookie values for their own domain unless withCredentials is set to true before making the request. Third-party cookies obtained by setting withCredentials to true still honor the same-origin policy, and hence cannot be accessed by the requesting script through document.cookie or from response headers.

Note: This never affects same-site requests.

Note: XMLHttpRequest responses from a different domain cannot set cookie values for their own domain unless withCredentials is set to true before making the request, regardless of Access-Control- header values.


var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
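
Setting withCredentials is only the client half of the exchange: the browser hands a credentialed cross-origin response to the script only when Access-Control-Allow-Origin names the exact requesting origin (not "*") and Access-Control-Allow-Credentials is "true". The following is an added example, not part of the original page, pairing a server-side header builder with the browser's CORS check; the function names and the allowlisted origin are hypothetical.

```javascript
// Added example. ALLOWED_ORIGINS, corsHeadersFor and browserExposesResponse
// are hypothetical names; the origin below is a constructed sample value.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Server side: build response headers for a credentialed cross-origin request.
// Only origins on the allowlist get CORS headers; the Origin header is never
// reflected blindly, since that would let any site read authenticated data.
function corsHeadersFor(requestOrigin, allowlist = ALLOWED_ORIGINS) {
  if (!allowlist.has(requestOrigin)) return {};    // unknown origin: no CORS headers
  return {
    'Access-Control-Allow-Origin': requestOrigin,  // exact origin, never "*"
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',                              // keep caches from mixing origins
  };
}

// Browser side: the CORS check applied to the response before the script may
// read it. withCredentials mirrors xhr.withCredentials on the request.
function browserExposesResponse(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers['Access-Control-Allow-Origin'];
  if (allowOrigin === undefined) return false;              // no CORS opt-in at all
  if (!withCredentials && allowOrigin === '*') return true; // wildcard: anonymous only
  if (allowOrigin !== requestOrigin) return false;          // must match exactly
  if (!withCredentials) return true;
  return headers['Access-Control-Allow-Credentials'] === 'true';
}

// Walk through the cases for a request from the allowlisted origin.
const origin = 'https://app.example.com';
console.log(browserExposesResponse(origin, true, corsHeadersFor(origin)));  // allowlisted
console.log(browserExposesResponse(origin, true,
  { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': 'true' }));
console.log(browserExposesResponse(origin, false,
  { 'Access-Control-Allow-Origin': '*' }));
```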


| Specification | Status | Comment |
| --- | --- | --- |
| XMLHttpRequest | Living Standard | WHATWG living standard |

Browser compatibility


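| Feature | Chrome | Edge | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
| --- | --- | --- | --- | --- | --- | --- |
| Basic support | 3 | (Yes) | 3.5 (1.9.1)[2] | 10[1] | 12 | 4 |

| Feature | Android | Chrome for Android | Edge | Firefox Mobile (Gecko) | IE Mobile | Opera Mobile | Safari Mobile |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Basic support | ? | ? | ? | (Yes)[2] | ? | ? | ? |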

[1] Internet Explorer versions 8 and 9 supported cross-domain requests (CORS) using XDomainRequest.

[2] Starting with Gecko 11.0 (Firefox 11.0 / Thunderbird 11.0 / SeaMonkey 2.8), Gecko no longer lets you use the withCredentials attribute when performing synchronous requests. Attempting to do so throws an NS_ERROR_DOM_INVALID_ACCESS_ERR exception.

