SShortSingh.
Back to feed

Fetch API credentials Option: How omit, same-origin, and include Work

0
·1 views

The Fetch API's credentials option controls whether authentication data — including cookies, HTTP credentials, and TLS certificates — is sent with HTTP requests. The omit mode never sends credentials, while same-origin, the default, sends them only when the request targets the same domain. The include mode allows eligible cookies to be considered for cross-origin requests, though cookie attributes like SameSite and Domain still determine whether they are actually sent. When using include for cross-origin requests, the server must respond with Access-Control-Allow-Credentials: true and a specific origin in Access-Control-Allow-Origin, or JavaScript will be blocked from reading the response. Understanding these three modes is critical for correctly handling authentication, sessions, and CORS in web applications.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

How Review Gates Can Stop AI Video Pipelines Before Costly Rendering Mistakes

A developer building an automated AI video pipeline for YouTube Shorts found that technically successful jobs could still produce unpublishable content due to inconsistent visual direction and timing mismatches. The author identified four key checkpoints — covering direction, visual planning, timing, and final preview — where human review must pause the pipeline before downstream work proceeds. A concrete example showed a 127-word script targeting 50 seconds ran to 59 seconds after voice generation, making it wasteful to continue rendering images and captions. Testing across five content niches revealed that words-per-second rates varied significantly, making real audio duration a more reliable validation point than initial word counts. The core insight is that review gates must tie approval to the specific artifact used downstream, not just a general sign-off, to avoid wasted compute and creative rework.

0
ProgrammingHacker News ·

Developer shares prompt technique to curb Claude's overuse of 'load-bearing'

A developer published a short guide on their blog explaining how to prevent Anthropic's Claude AI from repeatedly using the phrase 'load-bearing' in its responses. The post, shared on Hacker News, addresses a noticed pattern where Claude tends to overuse certain filler or stylistic phrases. The technique involves specific prompting strategies to steer the model away from habitual word choices. The article attracted modest engagement on Hacker News, garnering 9 points and 2 comments. It highlights a broader user interest in fine-tuning AI language model outputs for cleaner, less repetitive writing.

0
ProgrammingDEV Community ·

Developer Credits Daily Gardening Routine for Breakthrough in Debugging Complex Code

A software developer writing for DEV Community describes how stepping away from a persistent caching bug and spending time in his garden the next morning led to a quick resolution. The bug involved a page displaying stale data longer than expected, despite the application otherwise functioning normally. After exhaustive screen-based troubleshooting failed to yield answers, he closed his laptop and resumed work the following day only after tending to his terrace garden. While turning compost with a relaxed mind, he recalled an overlooked assumption about where old data was being reused, and the fix took just minutes once he returned indoors. He argues the habit works not because of any mystical connection between plants and programming, but because gardening builds observation skills and mental space that are equally valuable in debugging.

0
ProgrammingDEV Community ·

Developer builds OCR bulk business card importer, learns hard lessons about multi-card pages

A developer built a feature to bulk-register business card data into a CRM by uploading PDFs or images, using OCR and a separate structuring model to extract fields like company name, email, and phone number. The system separates file intake from heavy processing, running OCR and data registration asynchronously in background jobs to avoid request timeouts. The biggest technical challenge encountered was handling scanned pages containing multiple business cards, since standard OCR tools like Google Cloud Vision return character positions but do not logically separate text belonging to different cards. The developer explored rule-based coordinate analysis and AI-based card detection as potential solutions, noting that difficulty scales sharply depending on how cards are arranged on the page. After extensive planning, the developer discovered the product team had always assumed one card per page — making the multi-card problem a non-issue and underlining the importance of clarifying requirements before engineering solutions.