Maybe consider adding a note about setting

credentials include

for js clients to the cookies section. it takes some digging on slack to figure out why it doesn't work out of the box (https://github.com/ktorio/ktor/pull/4793, https://youtrack.jetbrains.com/issue/KTOR-539/Ability-to-use-browser-cookie-storage#focus=Comments-27-4775173.0-0)

I mean, that's not ktor-specific. That's just a web platform thing: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials

I've created an issue to address the problem with the documentation.

I am now struggling with exactly this. I am working with a KMP application targeting browser JS with Ktor 3.2.3. This application needs to send

HttpOnly

cookies stored by the browser. The workaround described in various old posts that wrap

fetch

do work but forces

credentials = true

globally, which is undesirable in my application. After reading PR 4793, I assumed the code below would allow setting

credentials

per request; the code compiles, but fails at runtime with a generic "Fail to fetch" error message. Is this the correct way to send cookies with Ktor 3.2.3 for JS apps?

val response = <http://httpClient.post|httpClient.post>("${apiEndpoint}/profile/session") {
    fetchOptions {
        credentials = true
    }
}

The problem is that the

true

value is an invalid enum variant for the

credentials

property. You can find the list of valid values here.

for some reason, I can't even read the Set-Cookie header for a

httpOnly = false

request from a js client. any hints what could be the cause?

@Aleksei Tirman [JB] thanks! We fixed our code, now it works as expected. For reference:

val response = <http://httpClient.post|httpClient.post>("${apiEndpoint}/profile/session") {
    fetchOptions {
        credentials = RequestCredentials.INCLUDE
    }
}