Please default fetch() init credentials to 'same-origin'

[Zectbumo]

Calling fetch() while using web authentication makes fetch() request fail with a 401 Unauthorized error. People similar to me that are used to the typical web APIs will expect fetch() to use 'same-origin' instead of the current 'omit' default. This 'omit' default seems very odd and unnatural to me next to the other web APIs. As it stands anyone using web authentication will be rejected when using the default fetch().

[Zectbumo]

If it is cookie data that you are trying to avoid transmitting by default then at least consider adding an 'omit-cookies' default option that will allow web authentication to still pass through.

[jungkees]

I think this issue pertains to Fetch standards if the case is not specific to service worker. I'm not sure if @annevk considered the point this issue posed, but he might know more context why it currently defaults to "omit".

[annevk]

See whatwg/fetch#585. It's blocked on implementers. Best to ping the implementation bugs linked from there.