Clarify that RequestInit's credentials affects response

Follow-up to 00344d2 to state something equivalent for the API. Also state the default when input is a string for credentials and mode.
whatwg · Mar 1, 2021 · 24a8670 · 24a8670
1 parent efde35d
commit 24a8670
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -5923,11 +5923,15 @@ object), initially null.
 
    <dt>{{RequestInit/mode}}
    <dd>A string to indicate whether the request will use CORS, or will be restricted to same-origin
-   URLs. Sets <var>request</var>'s {{Request/mode}}.
+   URLs. Sets <var>request</var>'s {{Request/mode}}. If <var>input</var> is a string, it defaults to
+   "<code>cors</code>".
 
    <dt>{{RequestInit/credentials}}
    <dd>A string indicating whether credentials will be sent with the request always, never, or only
-   when sent to a same-origin URL. Sets <var>request</var>'s {{Request/credentials}}.
+   when sent to a same-origin URL — as well as whether any credentials sent back in the response
+   will be used always, never, or only when received from a same-origin URL. Sets
+   <var>request</var>'s {{Request/credentials}}. If <var>input</var> is a string, it defaults to
+   "<code>same-origin</code>".
 
    <dt>{{RequestInit/cache}}
    <dd>A string indicating how the request will interact with the browser's cache to set