The credentials read-only property of the Request interface indicates whether the user agent should send cookies from the other domain in the case of cross-origin requests. This is similar to XHR’s withCredentials flag, but with three available values (instead of two):
omit: Never send cookies.same-origin: Send cookies if the URL is on the same origin as the calling script.include: Always send cookies, even for cross-origin calls.
Syntax
var myCred = request.credentials;
Value
A RequestCredentials value.
Example
In the following snippet, we create a new request using the Request.Request() constructor (for an image file in the same directory as the script), then save the request credentials in a variable:
var myRequest = new Request('flowers.jpg');
var myCred = myRequest.credentials; // returns "omit" by default
Specifications
| Specification | Status | Comment |
|---|---|---|
| Fetch The definition of 'credentials' in that specification. |
Living Standard | Initial definition |
Browser compatibility
| Feature | Chrome | Edge | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
|---|---|---|---|---|---|---|
| Basic support | 42 41[1] |
(Yes) | 39 (39) 34[1] |
No support |
29 |
No support |
| Feature | Android | Edge | Firefox Mobile (Gecko) | Firefox OS (Gecko) | IE Phone | Opera Mobile | Safari Mobile | Chrome for Android |
|---|---|---|---|---|---|---|---|---|
| Basic support | No support | (Yes) | No support | No support | No support | No support | No support | No support |
[1] This feature is implemented behind a preference.