Pre-flighted JavaScript requests

PUT request including credentials


A cross-origin PUT request can be configured to include credentials.

Add credentials: 'include' to the JavaScript fetch call, to send or receive cookies.

fetch(requestURL, {
    credentials: 'include',

The response to both the pre-flight and main request must include the Access-Control-Allow-Credentials header with a value of true.


  1. Hit green button below
  2. Verify “You are authorized!” response returned successfully
  3. Optionally check network requests in Developer Tools (F12)
View source on GitHub | Created by Tom Gregory