@@ -108,7 +108,20 @@ fetch('/avatars', {
108108})
109109```
110110
111- ### Success and error handlers
111+ ### Caveats
112+
113+ The ` fetch ` specification differs from other ajax implementations in mainly two
114+ ways that bear keeping in mind:
115+
116+ * The Promise returned from ` fetch() ` ** won't reject on HTTP error status**
117+ even if the response is a HTTP 404 or 500. Instead, it will resolve normally,
118+ and it will only reject on network failure, or if anything prevented the
119+ request from completing.
120+
121+ * By default, ` fetch ` ** won't send any cookies** to the server, resulting in
122+ unauthenticated requests if the site relies on maintaining a user session.
123+
124+ #### Handling HTTP error statuses
112125
113126This causes ` fetch ` to behave like jQuery's ` $.ajax ` by rejecting the ` Promise `
114127on HTTP failure status codes like 404, 500, etc. The response ` Promise ` is
@@ -136,7 +149,22 @@ fetch('/users')
136149 })
137150```
138151
139- ### Response URL caveat
152+ #### Sending cookies
153+
154+ To have ` fetch ` automatically use cookies for the current domain, the
155+ ` credentials ` option must be provided:
156+
157+ ``` javascript
158+ fetch (' /users' , {
159+ credentials: ' same-origin'
160+ })
161+ ```
162+
163+ This option makes ` fetch ` behave similar to XMLHttpRequest with regards to
164+ cookies. Otherwise, cookies won't get sent, resulting in these requests not
165+ preserving the authentication session.
166+
167+ #### Obtaining the Response URL
140168
141169The ` Response ` object has a URL attribute for the final responded resource.
142170Usually this is the same as the ` Request ` url, but in the case of a redirect,
0 commit comments