Sending CORS Request with Credentials

To send a CORS request with credentials, you must provide an Origin request HTTP header and an authorization cookie. CORS (Cross-Origin Resource Sharing) requests are sent if the site domain and the target server differ. Browsers use the Origin header to tell the server from which host the request originated. Before sending a CORS request, browsers always send an OPTIONS request to get the allowed request options. It's up to the server to process the CORS request from the source domain or block it. The server notifies the client of allowed domains using the Allow-Origin HTTP header. In this CORS request with Сredentials example, we send a cross-domain request with user credentials to the ReqBin echo URL. Click Send to execute CORS Request with Credentials online and see the results.
Sending CORS Request with Credentials Send
GET /echo/get/json HTTP/1.1
Host: reqbin.com
Origin: https://example.reqbin.com
Cookie: authCookie=my_auth_cookie
Authorization: Basic dGVzdDp0ZXN0

Updated: Viewed: 19042 times

What is HTTP?

The Hypertext Transfer Protocol (HTTP) is the main network communication protocol on the web and allows HTTP clients and servers to communicate with each other. The HTTP protocol is based on a request-response architecture between a client and a server. Client applications send requests to the server, and servers process the requests and respond to clients. Each HTTP messages contain a request string, HTTP headers, and a message body.

What is CORS?

Cross-Origin Resource Sharing (CORS) is an HTTP header-based mechanism that enables secure communication between browsers and servers running from different sources. These sources can differ from the current ones by hostname, HTTP scheme, or port number. A feature of CORS implementation was related to the restrictions of the single-origin policy, which restricts resources to interact only with resources located in the same domain. CORS is a way that a server can check if a request is coming from an allowed source and tell the browser not to block it.

CORS Header Syntax

The following is the general syntax for CORS request header:

Origin Header Syntax
Origin: [URL]

What is HTTP Authentication?

HTTP Authentication is the process of determining whether a client is authorized to access a resource. The HTTP protocol supports authentication from the box to restrict access to protected resources.

What are Credentials?

Credentials are cookies, authorization headers, and TLS client certificates, which a client acquires from a service or user and stores for future authentication purposes. Credentials used in authentication are digital documents that associate a user's identity with some form of proof of identity, such as a certificate or password.

See also

Generate Code Snippets for CORS Request Credentials Example

Convert your CORS Request Credentials request to the PHP, JavaScript/AJAX, Node.js, Curl/Bash, Python, Java, C#/.NET code snippets using the ReqBin code generator.