diff --git a/docker/configurator/variables.js b/docker/configurator/variables.js
index f99aa3ee064..a7aa4ff3d4e 100644
--- a/docker/configurator/variables.js
+++ b/docker/configurator/variables.js
@@ -86,6 +86,10 @@ const standardVariables = {
   VALIDATOR_URL: {
     type: "string",
     name: "validatorUrl"
+  },
+  WITH_CREDENTIALS: {
+    type: "boolean",
+    name: "withCredentials",
   }
 }
 
@@ -102,4 +106,4 @@ const legacyVariables = {
   }
 }
 
-module.exports = Object.assign({}, standardVariables, legacyVariables)
\ No newline at end of file
+module.exports = Object.assign({}, standardVariables, legacyVariables)
diff --git a/docs/usage/configuration.md b/docs/usage/configuration.md
index e718c667078..ffbc180668d 100644
--- a/docs/usage/configuration.md
+++ b/docs/usage/configuration.md
@@ -71,6 +71,7 @@ Parameter name | Docker variable | Description
 <a name="showMutatedRequest"></a>`showMutatedRequest` | `SHOW_MUTATED_REQUEST` | `Boolean=true`. If set to `true`, uses the mutated request returned from a requestInterceptor to produce the curl command in the UI, otherwise the request before the requestInterceptor was applied is used.
 <a name="supportedSubmitMethods"></a>`supportedSubmitMethods` | `SUPPORTED_SUBMIT_METHODS` | `Array=["get", "put", "post", "delete", "options", "head", "patch", "trace"]`. List of HTTP methods that have the Try it out feature enabled. An empty array disables Try it out for all operations. This does not filter the operations from the display.
 <a name="validatorUrl"></a>`validatorUrl` | `VALIDATOR_URL` | `String="https://online.swagger.io/validator" OR null`. By default, Swagger-UI attempts to validate specs against swagger.io's online validator. You can use this parameter to set a different validator URL, for example for locally deployed validators ([Validator Badge](https://github.com/swagger-api/validator-badge)). Setting it to `null` will disable validation.
+<a name="withCredentials"></a>`withCredentials` | `WITH_CREDENTIALS` | `Boolean=false` If set to `true`, enables passing credentials, [as defined in the Fetch standard](https://fetch.spec.whatwg.org/#credentials), in CORS requests that are sent by the browser. Note that Swagger UI cannot currently set cookies cross-domain (see [swagger-js#1163](https://github.com/swagger-api/swagger-js/issues/1163)) - as a result, you will have to rely on browser-supplied cookies (which this setting enables sending) that Swagger UI cannot control.
 
 ##### Macros
 
@@ -81,7 +82,7 @@ Parameter name | Docker variable | Description
 
 ### Instance methods
 
-**💡 Take note! These are methods, not parameters**. 
+**💡 Take note! These are methods, not parameters**.
 
 Method name | Docker variable | Description
 --- | --- | -----
@@ -91,7 +92,7 @@ Method name | Docker variable | Description
 
 ### Docker
 
-If you're using the Docker image, you can also control most of these options with environment variables. Each parameter has its environment variable name noted, if available. 
+If you're using the Docker image, you can also control most of these options with environment variables. Each parameter has its environment variable name noted, if available.
 
 Below are the general guidelines for using the environment variable interface.
 
diff --git a/src/core/index.js b/src/core/index.js
index def68aa2d8a..50632bcc7c9 100644
--- a/src/core/index.js
+++ b/src/core/index.js
@@ -51,6 +51,7 @@ module.exports = function SwaggerUI(opts) {
     defaultModelsExpandDepth: 1,
     showExtensions: false,
     showCommonExtensions: false,
+    withCredentials: undefined,
     supportedSubmitMethods: [
       "get",
       "put",
diff --git a/src/core/plugins/swagger-js/configs-wrap-actions.js b/src/core/plugins/swagger-js/configs-wrap-actions.js
new file mode 100644
index 00000000000..34d0e158af0
--- /dev/null
+++ b/src/core/plugins/swagger-js/configs-wrap-actions.js
@@ -0,0 +1,8 @@
+export const loaded = (ori, system) => (...args) => {
+  ori(...args)
+  const value = system.getConfigs().withCredentials
+  
+  if(value !== undefined) {
+    system.fn.fetch.withCredentials = typeof value === "string" ? (value === "true") : !!value
+  }
+}
diff --git a/src/core/plugins/swagger-js/index.js b/src/core/plugins/swagger-js/index.js
index 7ecfe957ba9..171a7f5c814 100644
--- a/src/core/plugins/swagger-js/index.js
+++ b/src/core/plugins/swagger-js/index.js
@@ -1,4 +1,5 @@
 import Swagger from "swagger-client"
+import * as configsWrapActions from "./configs-wrap-actions"
 
 module.exports = function({ configs, getConfigs }) {
   return {
@@ -22,6 +23,11 @@ module.exports = function({ configs, getConfigs }) {
       },
       serializeRes: Swagger.serializeRes,
       opId: Swagger.helpers.opId
-    }
+    },
+    statePlugins: {
+      configs: {
+        wrapActions: configsWrapActions
+      }
+    },
   }
 }
diff --git a/test/core/plugins/swagger-js/withCredentials.js b/test/core/plugins/swagger-js/withCredentials.js
new file mode 100644
index 00000000000..ca98065d5ff
--- /dev/null
+++ b/test/core/plugins/swagger-js/withCredentials.js
@@ -0,0 +1,94 @@
+import expect, { createSpy } from "expect"
+import { loaded } from "corePlugins/swagger-js/configs-wrap-actions"
+
+describe("swagger-js plugin - withCredentials", () => {
+  it("should have no effect by default", () => {
+    const system = {
+      fn: {
+        fetch: createSpy().andReturn(Promise.resolve())
+      },
+      getConfigs: () => ({})
+    }
+    const oriExecute = createSpy()
+
+    const loadedFn = loaded(oriExecute, system)
+    loadedFn()
+
+    expect(oriExecute.calls.length).toBe(1)
+    expect(system.fn.fetch.withCredentials).toBe(undefined)
+  })
+
+  it("should allow setting flag to true via config", () => {
+    const system = {
+      fn: {
+        fetch: createSpy().andReturn(Promise.resolve())
+      },
+      getConfigs: () => ({
+        withCredentials: true
+      })
+    }
+    const oriExecute = createSpy()
+
+    const loadedFn = loaded(oriExecute, system)
+    loadedFn()
+
+    expect(oriExecute.calls.length).toBe(1)
+    expect(system.fn.fetch.withCredentials).toBe(true)
+  })
+  
+  it("should allow setting flag to false via config", () => {
+    const system = {
+      fn: {
+        fetch: createSpy().andReturn(Promise.resolve())
+      },
+      getConfigs: () => ({
+        withCredentials: false
+      })
+    }
+    const oriExecute = createSpy()
+
+    const loadedFn = loaded(oriExecute, system)
+    loadedFn()
+
+    expect(oriExecute.calls.length).toBe(1)
+    expect(system.fn.fetch.withCredentials).toBe(false)
+  })
+  
+   it("should allow setting flag to true via config as string", () => {
+    // for query string config
+    const system = {
+      fn: {
+        fetch: createSpy().andReturn(Promise.resolve())
+      },
+      getConfigs: () => ({
+        withCredentials: "true"
+      })
+    }
+    const oriExecute = createSpy()
+
+    const loadedFn = loaded(oriExecute, system)
+    loadedFn()
+
+    expect(oriExecute.calls.length).toBe(1)
+    expect(system.fn.fetch.withCredentials).toBe(true)
+  })
+  
+  it("should allow setting flag to false via config as string", () => {
+    // for query string config
+    const system = {
+      fn: {
+        fetch: createSpy().andReturn(Promise.resolve())
+      },
+      getConfigs: () => ({
+        withCredentials: "false"
+      })
+    }
+    const oriExecute = createSpy()
+
+    const loadedFn = loaded(oriExecute, system)
+    loadedFn()
+
+    expect(oriExecute.calls.length).toBe(1)
+    expect(system.fn.fetch.withCredentials).toBe(false)
+  })
+})