fix(ajax): use 'same-origin' credentials (#42525)

2021-06-16 11:47:47 +02:00
parent af6e6a01d3
commit 80b12ee25c
1 changed files with 1 additions and 1 deletions
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@ -9,7 +9,7 @@ const tokens = new Tokens();

 // TODO: test on staging.  Do we need 'include' everywhere?
 const defaultOptions = {
-  credentials: environment === 'development' ? 'include' : 'same-site'
+  credentials: environment === 'development' ? 'include' : 'same-origin'
 };

 // _csrf is passed to the client as a cookie. Tokens are sent back to the server