withCredentials #2
Description
During http requests, especially if CORS needs, withCredentials is sometimes required.
WHEN do we need withCredentials ?
- when we make cross-site Access-Control requiests,cookies ,authorization headers or TLS client certificates are needed to be sent
- this flag is used to indicate when cookies are to be ignored in the response,However,keep in mind
Third-party cookies obtained by setting withCredentials to be true will still honor the same-origin
policy,CAN NOT be accessed by document.cookie or from response headers - This never affects same-site requests
reference link--https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials