COR's credentials for HTTP Request Operation

[cneberg]

Please support credentials: include in CyberChef/src/core/operations/HTTPRequest.mjs. I don't know if would cause issues if it was the default or if it should be an option - but its useful if the COR's site is authenticated.

93         });
 94 
 95         const config = {
 96             method: method,
 97             headers: headers,
 98             mode: modeLookup[mode],
+ 99             credentials: "include",
100             cache: "no-cache",
101         };
102 
103         if (method !== "GET

[cneberg]

Maybe add another drop down option "Cross Origin Resource Sharing with credentials"

[mohammed90]

After much fighting with it, I found out this is near impossible unless you're using cors mode and the target server response with Access-Control-Allow-Credentials: *. In no-cors mode, fetch will only send the standardized _CORS-safelisted request-header. The list[^1] does not include the _Authorization_ header, so it will not be sent unless you're using cors` and the server responds with the aforementioned response header, which means impossible.