Request: credentials property

The credentials read-only property of the Request interface indicates whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests.

Value

A RequestCredentials dictionary value indicating whether the user agent should send or receive cookies from the other domain in the case of cross-origin requests. Possible values are:

omit

Never send or receive cookies.

same-origin

Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.

include

Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.

This is similar to XHR's withCredentials flag, but with three available values instead of two.

Examples

In the following snippet, we create a new request using the Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:

js

const myRequest = new Request("flowers.jpg");
const myCred = myRequest.credentials; // returns "same-origin" by default

Specifications

Specification
Fetch Standard
# ref-for-dom-request-credentials②

Browser compatibility

BCD tables only load in the browser

See also