Details on cross-origin requests & credentials
Cross-origin requests initiated by embedded images and forms actually bring cookies by default. Though it is incorrect to say that all cross-origin requests do not bring credentials by default.
This commit is contained in:
Temirzhan Yussupov
GitHub
parent
0da5b2b68c
commit
46daea1596
1 changed files with 1 additions and 1 deletions
|
|
@ -309,7 +309,7 @@ JavaScript only gets the response to the main request or an error if there's no
|
||||||
|
|
||||||
## Credentials
|
## Credentials
|
||||||
|
|
||||||
A cross-origin request by default does not bring any credentials (cookies or HTTP authentication).
|
A cross-origin request initiated by JavaScript code by default does not bring any credentials (cookies or HTTP authentication).
|
||||||
|
|
||||||
That's uncommon for HTTP-requests. Usually, a request to `http://site.com` is accompanied by all cookies from that domain. But cross-origin requests made by JavaScript methods are an exception.
|
That's uncommon for HTTP-requests. Usually, a request to `http://site.com` is accompanied by all cookies from that domain. But cross-origin requests made by JavaScript methods are an exception.
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue