Clarify that credentials mode affects response

This change updates the descriptions of all “credentials mode” values, to clarify that the values affect whether browsers use credentials sent back in responses (e.g., any Set-Cookie response headers) — not just whether credentials are sent with the request.
whatwg · Feb 19, 2021 · 00344d2 · 00344d2
1 parent c64f074
commit 00344d2
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -1429,13 +1429,16 @@ which is "<code>omit</code>", "<code>same-origin</code>", or
 <div class="note no-backref">
  <dl>
   <dt>"<code>omit</code>"
-  <dd>Excludes credentials from this request.
+  <dd>Excludes credentials from this request, and causes any credentials sent back in the response
+  to be ignored.
 
   <dt>"<code>same-origin</code>"
-  <dd>Include credentials with requests made to same-origin URLs.
+  <dd>Include credentials with requests made to same-origin URLs, and use any credentials sent back
+  in responses from same-origin URLs.
 
   <dt>"<code>include</code>"
-  <dd>Always includes credentials with this request.
+  <dd>Always includes credentials with this request, and always use any credentials sent back in the
+  response.
  </dl>
 
  <p><a for=/>Request</a>'s <a for=request>credentials mode</a> controls the flow of