Clarify that RequestInit's credentials affects response

sideshowbarker · web-flow · commit 24a8670f43a2 · 2021-03-01T07:53:48.000+01:00
Follow-up to 00344d2 to state something equivalent for the API. Also state the default when input is a string for credentials and mode.
diff --git a/fetch.bs b/fetch.bs
@@ -5923,11 +5923,15 @@ object), initially null.
 
    <dt>{{RequestInit/mode}}
    <dd>A string to indicate whether the request will use CORS, or will be restricted to same-origin
-   URLs. Sets <var>request</var>'s {{Request/mode}}.
+   URLs. Sets <var>request</var>'s {{Request/mode}}. If <var>input</var> is a string, it defaults to
+   "<code>cors</code>".
 
    <dt>{{RequestInit/credentials}}
    <dd>A string indicating whether credentials will be sent with the request always, never, or only
-   when sent to a same-origin URL. Sets <var>request</var>'s {{Request/credentials}}.
+   when sent to a same-origin URL — as well as whether any credentials sent back in the response
+   will be used always, never, or only when received from a same-origin URL. Sets
+   <var>request</var>'s {{Request/credentials}}. If <var>input</var> is a string, it defaults to
+   "<code>same-origin</code>".
 
    <dt>{{RequestInit/cache}}
    <dd>A string indicating how the request will interact with the browser's cache to set
