在此页

• 范例
• 规范
• 浏览器兼容性
• 相关话题

XMLHttpRequest.withCredentials 特性为 布尔 that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

In addition, this flag is also used to indicate when cookies are to be ignored in the response. The default is false . XMLHttpRequest from a different domain cannot set cookie values for their own domain unless withCredentials 被设为 true before making the request. The third-party cookies obtained by setting withCredentials to true will still honor same-origin policy and hence can not be accessed by the requesting script through document.cookie or from response headers.

注意： This never affects same-site requests.

注意： XMLHttpRequest responses from a different domain cannot set cookie values for their own domain unless withCredentials 被设为 true before making the request, regardless of Access-Control- header values.

范例

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);
					

规范

规范	状态	注释
XMLHttpRequest	实时标准	WHATWG (Web 超文本应用程序技术工作组) 实时标准

浏览器兼容性

The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request. 更新 GitHub 上的兼容性数据

	桌面						移动
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Firefox for Android	Opera for Android	Safari on iOS	Samsung Internet
withCredentials	Chrome 3	Edge 12	Firefox 3.5 3.5 Starting with Firefox 11, it's no longer supported to use the withCredentials attribute when performing synchronous requests. Attempting to do so throws an NS_ERROR_DOM_INVALID_ACCESS_ERR 异常。	IE 10 10 Internet Explorer versions 8 and 9 supported cross-domain requests (CORS) using XDomainRequest .	Opera 12	Safari 4	WebView Android ≤37	Chrome Android 18	Firefox Android 4 4 Starting with Firefox 11, it's no longer supported to use the withCredentials attribute when performing synchronous requests. Attempting to do so throws an NS_ERROR_DOM_INVALID_ACCESS_ERR 异常。	Opera Android 12	Safari iOS 3.2	Samsung Internet Android 1.0

图例

完整支持

完整支持

见实现注意事项。

元数据

• 最后修改： 2019 年 3 月 23 日

相关话题

1. XMLHttpRequest
2. 构造函数

   1. XMLHttpRequest()
3. 特性

   1. channel
   2. mozAnon
   3. mozBackgroundRequest
   4. mozResponseArrayBuffer
   5. mozSystem
   6. multipart
   7. onreadystatechange
   8. readyState
   9. response
   10. responseText
   11. responseType
   12. responseURL
   13. responseXML
   14. status
   15. statusText
   16. timeout
   17. upload
   18. withCredentials
4. 方法

   1. abort()
   2. getAllResponseHeaders()
   3. getResponseHeader()
   4. open()
   5. openRequest()
   6. overrideMimeType()
   7. send()
   8. sendAsBinary()
   9. setRequestHeader()
5. 事件

   1. onreadystatechange
   2. abort
   3. error
   4. load
   5. loadend
   6. loadstart
   7. progress
   8. timeout
6. 继承：

   1. XMLHttpRequestEventTarget
   2. EventTarget
7. XMLHttpRequest 相关页面

   1. FormData
   2. XMLHttpRequestEventTarget
   3. XMLHttpRequestUpload