How do you send cookies with a CORS request in JavaScript?
On the client: fetch(url, { credentials: 'include' }). On the server: Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin must be the specific origin (not *).
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in CORS with Credentials and Cookies
No. When credentials are involved, the server must specify the exact origin (https://myapp.com). The wildcard * is not allowed with credentials for security reasons.
SameSite=None and Secure. SameSite=None allows the cookie to be sent cross-site. Secure requires HTTPS. Without these, the browser does not send the cookie cross-origin.
It tells the browser to send cookies and authorization headers with the cross-origin request. Without it, no credentials are sent. The server must also set Access-Control-Allow-Credentials: true.
Still have questions?
Browse all our FAQs or reach out to our support team
