Home

crossoriginusecredentials

Crossoriginusecredentials is not an official term in web standards. It is sometimes used informally to describe the interplay between the crossorigin attribute (or cross-origin requests) and credentialed access to resources. In practice, the standard concepts involved are the crossorigin attribute values and the handling of credentials in cross-origin requests.

In web browsers, the crossorigin attribute can be applied to certain elements such as script, link, img,

Server-side configuration is crucial for credentialed cross-origin requests. If a resource is requested with credentials, the

In the Fetch API, credentials handling is controlled by the credentials option, with possible values like "same-origin"

Overall, ressented references to "crossoriginusecredentials" reflect the general idea of enabling credentials in cross-origin requests, rather

and
others,
or
influence
fetch
requests.
The
valid
values
are
"anonymous"
and
"use-credentials."
When
the
value
is
"use-credentials,"
the
browser
may
include
credentials
such
as
cookies,
HTTP
authentication
data,
and
client-side
certificates
with
the
request.
When
the
value
is
"anonymous,"
credentials
are
not
sent.
server
must
respond
with
Access-Control-Allow-Credentials:
true
and
must
specify
a
specific
origin
in
Access-Control-Allow-Origin
(not
the
wildcard
"*").
The
client
and
server
must
coordinate:
the
origin
must
be
allowed,
and
the
resource
must
permit
credentials.
or
"include."
This
governs
whether
cookies
and
other
credentials
are
sent
with
the
request,
including
cross-origin
ones,
but
it
is
separate
from
the
HTML
crossorigin
attribute.
than
a
distinct
standard
term.
See
also
cross-origin
resource
sharing,
the
crossorigin
attribute,
Access-Control
headers,
and
Fetch
API
credentials.