The credentials
read-only property of the Request
interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests.
Syntax
var myCred = request.credentials;
Value
A RequestCredentials
dictionary value indicating whether the user agent should send cookies from the other domain in the case of cross-origin requests. Possible values are:
omit
: Never send or receive cookies.same-origin
: Send user credentials (cookies, basic http auth, etc..) if the URL is on the same origin as the calling script. This is the default value.include
: Always send user credentials (cookies, basic http auth, etc..), even for cross-origin calls.
This is similar to XHR’s withCredentials
flag, but with three available values instead of two.
Example
In the following snippet, we create a new request using the Request.Request()
constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
var myRequest = new Request('flowers.jpg');
var myCred = myRequest.credentials; // returns "same-origin" by default
Specifications
Specification | Status | Comment |
FetchThe definition of 'credentials' in that specification. | Living Standard | Initial definition |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Chrome Full support 42 Full support 42 Full support 41 Disabled' From version 41: this feature is behind the |
Edge
Full support 14 |
Firefox Full support 39 Full support 39 Full support 34 Disabled' From version 34: this feature is behind the |
IE
No support No |
Opera Full support 29 Full support 29 Full support 28 Disabled' From version 28: this feature is behind the |
Safari
Full support 10.1 |
WebView Android
Full support 42 |
Chrome Android
Full support 42 |
Firefox Android
Full support Yes |
Opera Android Full support 29 Full support 29 Full support 28 Disabled' From version 28: this feature is behind the |
Safari iOS
Full support 10.3 |
Samsung Internet Android
Full support 4.0 |
Default value same-origin
|
Chrome
Full support 72 |
Edge
Full support 18 |
Firefox
Full support 61 |
IE
No support No |
Opera
Full support 55 |
Safari
Full support 12.1 |
WebView Android
Full support 72 |
Chrome Android
Full support 72 |
Firefox Android
Full support Yes |
Opera Android
No support No |
Safari iOS
Full support 12.2 |
Samsung Internet Android
Full support 11.0 |
Legend
- Full support
- Full support
- No support
- No support
- Experimental. Expect behavior to change in the future.'
- Experimental. Expect behavior to change in the future.
- User must explicitly enable this feature.'
- User must explicitly enable this feature.
See also
Request.credentials by Mozilla Contributors is licensed under CC-BY-SA 2.5.