W3cubDocs

/DOM

Request.credentials

The credentials read-only property of the Request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests. This is similar to XHR’s withCredentials flag, but with three available values (instead of two):

omit: Never send cookies.
same-origin: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.
include: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.

Syntax

var myCred = request.credentials;

Value

A RequestCredentials value representing the credentials to use for this transaction.

Example

In the following snippet, we create a new request using the Request.Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:

var myRequest = new Request('flowers.jpg');
var myCred = myRequest.credentials; // returns "same-origin" by default

Specifications

Specification	Status	Comment
Fetch The definition of 'credentials' in that specification.	Living Standard	Initial definition

Browser compatibilityUpdate compatibility data on GitHub

	Desktop
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	42 42 41 Disabled Disabled From version 41: this feature is behind the `Experimental Web Platform Features` preference. To change preferences in Chrome, visit chrome://flags.	Yes	39 39 34 Disabled Disabled From version 34: this feature is behind the `dom.fetch.enabled` preference. To change preferences in Firefox, visit about:config.	No	29 29 28 Disabled Disabled From version 28: this feature is behind the `Experimental Web Platform Features` preference.	No
Default value `same-origin`	?	?	61	No	?	No