When sending requests from client-side JavaScript, by default cookies are not passed.

By default, fetch won’t send or receive any cookies from the server, resulting in unauthenticated requests https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

Two JavaScript HTTP clients I use are axios, a “Promise based HTTP client for the browser and Node.js” and the fetch API (see Fetch API on MDN).

Pass cookies with requests in axios

In axios, to enable passing of cookies, we use the withCredentials: true option.

Which means we can create a new axios instance with withCredentials enabled:

const transport = axios.create({
  withCredentials: true
})

transport
  .get('/cookie-auth-protected-route')
  .then(res => res.data)
  .catch(err => { /* not hit since no 401 */ })

It’s also possible to set it in the request options:

axios
  .get(
    '/cookie-auth-protected-route',
    { withCredentials: true }
  )
  .then(res => res.data)
  .catch(err => { /* not hit since no 401 */ })

Or override the global defaults:

axios.defaults.withCredentials = true

Pass cookies with requests using fetch

The equivalent with fetch is to set the credentials: 'include' or credentials: 'same-origin' option when sending the request:

fetch(
  '/cookie-auth-protected-route',
  { credentials: 'include' } // could also try 'same-origin'
).then(res => {
  if (res.ok) return res.json()
  // not hit since no 401
)

Download free do whatever you want high-resolution photos from Alex