Details on cross-origin requests & credentials

Cross-origin requests initiated by embedded images and forms actually bring cookies by default. Though it is incorrect to say that all cross-origin requests do not bring credentials by default.
2020-05-25 13:09:14 +06:00 · 2020-05-25 13:09:14 +06:00 · 46daea1596
commit 46daea1596
parent 0da5b2b68c
1 changed files with 1 additions and 1 deletions
--- a/5-network/05-fetch-crossorigin/article.md
+++ b/5-network/05-fetch-crossorigin/article.md
@ -309,7 +309,7 @@ JavaScript only gets the response to the main request or an error if there's no

 ## Credentials

-A cross-origin request by default does not bring any credentials (cookies or HTTP authentication).
+A cross-origin request initiated by JavaScript code by default does not bring any credentials (cookies or HTTP authentication).

 That's uncommon for HTTP-requests. Usually, a request to `http://site.com` is accompanied by all cookies from that domain. But cross-origin requests made by JavaScript methods are an exception.