fix(ajax): use 'same-origin' credentials (#42525)
This commit is contained in:
		
				
					committed by
					
						 GitHub
						GitHub
					
				
			
			
				
	
			
			
			
						parent
						
							af6e6a01d3
						
					
				
				
					commit
					80b12ee25c
				
			| @@ -9,7 +9,7 @@ const tokens = new Tokens(); | ||||
|  | ||||
| // TODO: test on staging.  Do we need 'include' everywhere? | ||||
| const defaultOptions = { | ||||
|   credentials: environment === 'development' ? 'include' : 'same-site' | ||||
|   credentials: environment === 'development' ? 'include' : 'same-origin' | ||||
| }; | ||||
|  | ||||
| // _csrf is passed to the client as a cookie. Tokens are sent back to the server | ||||
|   | ||||
		Reference in New Issue
	
	Block a user