diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
index 5c1ab7214f89..3aceccce0899 100644
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -1070,9 +1070,8 @@ ScriptLoader::StartLoad(ScriptLoadRequest* aRequest)
     // According to the spec, module scripts have different behaviour to classic
     // scripts and always use CORS.
     securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
-    if (aRequest->CORSMode() == CORS_NONE) {
-      securityFlags |= nsILoadInfo::SEC_COOKIES_OMIT;
-    } else if (aRequest->CORSMode() == CORS_ANONYMOUS) {
+    if (aRequest->CORSMode() == CORS_NONE ||
+        aRequest->CORSMode() == CORS_ANONYMOUS) {
       securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
     } else {
       MOZ_ASSERT(aRequest->CORSMode() == CORS_USE_CREDENTIALS);
diff --git a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html.ini b/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html.ini
new file mode 100644
index 000000000000..99df447e4c51
--- /dev/null
+++ b/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html.ini
@@ -0,0 +1,4 @@
+[dynamic-imports-credentials.sub.html]
+  [Dynamic imports should be loaded with or without the credentials based on the same-origin-ness and the parent script's crossOrigin attribute]
+    expected: FAIL
+    bug: 1342012
diff --git a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-fetch-error.sub.html.ini b/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-fetch-error.sub.html.ini
index 6193009d92b7..466671ab11d5 100644
--- a/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-fetch-error.sub.html.ini
+++ b/testing/web-platform/meta/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-fetch-error.sub.html.ini
@@ -1,3 +1,4 @@
 [dynamic-imports-fetch-error.sub.html]
   [import(): error cases occuring during fetching]
     expected: FAIL
+    bug: 1342012
diff --git a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/credentials.sub.html b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/credentials.sub.html
index 1293d7f69134..cf23e67ae40c 100644
--- a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/credentials.sub.html
+++ b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/credentials.sub.html
@@ -39,31 +39,31 @@ promise_test(t => {
   }).then(() => {
     const w = iframe.contentWindow;
 
-    assert_equals(w.sameOriginNone, 'not found',
-                  'Modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
+    assert_equals(w.sameOriginNone, 'found',
+                  'Modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
     assert_equals(w.sameOriginAnonymous, 'found',
                   'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
     assert_equals(w.sameOriginUseCredentials, 'found',
                   'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
     assert_equals(w.crossOriginNone, 'not found',
-                  'Modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
+                  'Modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
     assert_equals(w.crossOriginAnonymous, 'not found',
-                  'Modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
+                  'Modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
     assert_equals(w.crossOriginUseCredentials, 'found',
                   'Modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
 
-    assert_equals(w.sameOriginNoneDecendent, 'not found',
-                  'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is same-origin');
-    assert_equals(w.sameOriginAnonymousDecendent, 'found',
-                  'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
-    assert_equals(w.sameOriginUseCredentialsDecendent, 'found',
-                  'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
-    assert_equals(w.crossOriginNoneDecendent, 'not found',
-                  'Decendent modules should be loaded without the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
-    assert_equals(w.crossOriginAnonymousDecendent, 'not found',
-                  'Decendent modules should be loaded without the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
-    assert_equals(w.crossOriginUseCredentialsDecendent, 'found',
-                  'Decendent modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
+    assert_equals(w.sameOriginNoneDescendant, 'found',
+                  'Descendant modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
+    assert_equals(w.sameOriginAnonymousDescendant, 'found',
+                  'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
+    assert_equals(w.sameOriginUseCredentialsDescendant, 'found',
+                  'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
+    assert_equals(w.crossOriginNoneDescendant, 'not found',
+                  'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
+    assert_equals(w.crossOriginAnonymousDescendant, 'not found',
+                  'Descendant modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
+    assert_equals(w.crossOriginUseCredentialsDescendant, 'found',
+                  'Descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
 });
 }, 'Modules should be loaded with or without the credentials based on the same-origin-ness and the crossOrigin attribute');
 </script>
diff --git a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html
new file mode 100644
index 000000000000..b939a3ef1639
--- /dev/null
+++ b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-credentials.sub.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+
+<script type="text/javascript">
+host_info = get_host_info();
+
+document.cookie = 'same=1';
+
+const setCookiePromise = fetch(
+    'http://{{domains[www2]}}:{{ports[http][0]}}/cookies/resources/set-cookie.py?name=cross&path=/html/semantics/scripting-1/the-script-element/module/',
+    {
+      mode: 'no-cors',
+      credentials: 'include',
+    });
+
+const windowLoadPromise = new Promise(resolve => {
+  window.addEventListener('load', () => {
+    resolve();
+  });
+});
+
+promise_test(t => {
+  const iframe = document.createElement('iframe');
+
+  return Promise.all([setCookiePromise, windowLoadPromise]).then(() => {
+    const messagePromise = new Promise(resolve => {
+      window.addEventListener('message', event => {
+        resolve();
+      });
+    });
+
+    iframe.src = '../resources/dynamic-import-credentials-iframe.sub.html';
+    document.body.appendChild(iframe);
+
+    return messagePromise;
+  }).then(() => {
+    const w = iframe.contentWindow;
+
+    assert_equals(w.sameOriginNoneDynamicDescendant, 'found',
+                  'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is not specified and the target is same-origin');
+    assert_equals(w.sameOriginAnonymousDynamicDescendant, 'found',
+                  'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is same-origin');
+    assert_equals(w.sameOriginUseCredentialsDynamicDescendant, 'found',
+                  'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is same-origin');
+    assert_equals(w.crossOriginNoneDynamicDescendant, 'not found',
+                  'Dynamic descendant modules should not be loaded with the credentials when the crossOrigin attribute is not specified and the target is cross-origin');
+    assert_equals(w.crossOriginAnonymousDynamicDescendant, 'not found',
+                  'Dynamic descendant modules should not be loaded with the credentials when the crossOrigin attribute is specified with "anonymous" as its value and the target is cross-origin');
+    assert_equals(w.crossOriginUseCredentialsDynamicDescendant, 'found',
+                  'Dynamic descendant modules should be loaded with the credentials when the crossOrigin attribute is specified with "use-credentials" as its value and the target is cross-origin');
+});
+}, 'Dynamic imports should be loaded with or without the credentials based on the same-origin-ness and the parent script\'s crossOrigin attribute');
+</script>
+<body>
+</body>
diff --git a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/credentials-iframe.sub.html b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/credentials-iframe.sub.html
index f086e702822a..8a0506ccec63 100644
--- a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/credentials-iframe.sub.html
+++ b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/credentials-iframe.sub.html
@@ -25,22 +25,22 @@
 </script>
 
 <script type="module">
-import "./check-cookie.py?id=sameOriginNoneDecendent&cookieName=same";
+import "./check-cookie.py?id=sameOriginNoneDescendant&cookieName=same";
 </script>
 <script type="module" crossOrigin="anonymous">
-import "./check-cookie.py?id=sameOriginAnonymousDecendent&cookieName=same";
+import "./check-cookie.py?id=sameOriginAnonymousDescendant&cookieName=same";
 </script>
 <script type="module" crossOrigin="use-credentials">
-import "./check-cookie.py?id=sameOriginUseCredentialsDecendent&cookieName=same";
+import "./check-cookie.py?id=sameOriginUseCredentialsDescendant&cookieName=same";
 </script>
 <script type="module">
-import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDecendent&cookieName=cross";
+import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDescendant&cookieName=cross";
 </script>
 <script type="module" crossOrigin="anonymous">
-import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDecendent&cookieName=cross";
+import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDescendant&cookieName=cross";
 </script>
 <script type="module" crossOrigin="use-credentials">
-import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDecendent&cookieName=cross";
+import "http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDescendant&cookieName=cross";
 </script>
 
 <script type="text/javascript">
diff --git a/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/dynamic-import-credentials-iframe.sub.html b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/dynamic-import-credentials-iframe.sub.html
new file mode 100644
index 000000000000..836ece62c5f6
--- /dev/null
+++ b/testing/web-platform/tests/html/semantics/scripting-1/the-script-element/module/resources/dynamic-import-credentials-iframe.sub.html
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<script type="module">
+import("./check-cookie.py?id=sameOriginNoneDynamicDescendant&cookieName=same");
+</script>
+<script type="module" crossOrigin="anonymous">
+import("./check-cookie.py?id=sameOriginAnonymousDynamicDescendant&cookieName=same");
+</script>
+<script type="module" crossOrigin="use-credentials">
+import("./check-cookie.py?id=sameOriginUseCredentialsDynamicDescendant&cookieName=same");
+</script>
+<script type="module">
+import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginNoneDynamicDescendant&cookieName=cross");
+</script>
+<script type="module" crossOrigin="anonymous">
+import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginAnonymousDynamicDescendant&cookieName=cross");
+</script>
+<script type="module" crossOrigin="use-credentials">
+import("http://{{domains[www2]}}:{{ports[http][0]}}/html/semantics/scripting-1/the-script-element/module/resources/check-cookie.py?id=crossOriginUseCredentialsDynamicDescendant&cookieName=cross");
+</script>
+
+
+<script type="text/javascript">
+window.addEventListener('load', event => {
+  window.parent.postMessage({}, '*');
+});
+</script>