SyntaxStudy
Sign Up
JavaScript CORS and Credentials
Previous Next
JavaScript Intermediate 4 min read

CORS and Credentials

CORS

Cross-Origin Resource Sharing restricts which origins can call your API. The credentials option controls whether cookies are sent.

Example 
// Same-origin: cookies sent by default
await fetch("/api/data");
// Cross-origin with cookies
await fetch("https://api.example.com/data", { credentials: "include" });
// No credentials (default for cross-origin)
await fetch("https://api.example.com/data", { credentials: "omit" });
// Server must respond with: Access-Control-Allow-Origin: https://your-site.com
// Access-Control-Allow-Credentials: true
JAVASCRIPT
Full Editor
Pro Tip

credentials: "include" requires the server to respond with specific CORS headers — * is not allowed.

Related Resources

JavaScript Reference
Complete tag & property list
JavaScript How-To Guides
Step-by-step practical guides
JavaScript Exercises
Practice what you've learned

More in JavaScript

JS Introduction JS Variables JS Functions JS DOM JS Strings JS Numbers & Math
Previous
Reading Response Bodies
Next
Building a Fetch Wrapper