diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js
index 927535f1bd..0845ba536a 100644
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@@ -9,7 +9,7 @@ const tokens = new Tokens();
 // TODO: test on staging. Do we need 'include' everywhere?
 const defaultOptions = {
- credentials: environment === 'development' ? 'include' : 'same-origin'
+ credentials: environment === 'development' ? 'include' : 'same-site'
 };
 // _csrf is passed to the client as a cookie. Tokens are sent back to the server
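Review bot: `'same-site'` on the new `credentials` line is not a value the Fetch `credentials` option accepts (the enum is `omit`, `same-origin`, `include`); it reads like a mix-up with the cookie `SameSite` attribute. If `defaultOptions` is handed to `fetch()`, which this hunk does not show, browsers reject the unknown enum value with a TypeError, so non-development requests would fail instead of carrying the `_csrf` cookie mentioned in the trailing comment. If the goal is to send cookies to an API on a sibling subdomain, the client side has to be `credentials: 'include'`, and the narrowing belongs on the server: a specific `Access-Control-Allow-Origin` with `Access-Control-Allow-Credentials: true`, plus `SameSite` set on the cookies themselves. If cross-origin cookies are not needed in production, keep `'same-origin'`.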