Request: credentials property

{{APIRef("Fetch API")}}{{AvailableInWorkers}}

The credentials read-only property of the {{domxref("Request")}} interface reflects the value given to the {{domxref("Request.Request()", "Request()")}} constructor in the credentials option. It determines whether or not the browser sends credentials with the request, as well as whether any Set-Cookie response headers are respected.

Credentials are cookies, {{glossary("TLS")}} client certificates, or authentication headers containing a username and password.

See Including credentials for more details.

Value

A string with one of the following values:

• omit
  • : Never send credentials in the request or include credentials in the response.
• same-origin
  • : Only send and include credentials for same-origin requests. This is the default.
• include
  • : Always include credentials, even for cross-origin requests.

Examples

In the following snippet, we create a new request using the {{domxref("Request.Request", "Request()")}} constructor (for an image file in the same directory as the script), then save the request credentials in a variable:

const request = new Request("flowers.jpg");
const credentials = request.credentials; // returns "same-origin" by default

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

• ServiceWorker API
• HTTP access control (CORS)
• HTTP