send credentials in header to enforce sending cookies

ec9d017c · Swen Vermeul · be1532d3 · ec9d017c
Commit ec9d017c authored 6 years ago by Swen Vermeul
--- a/jupyter-openbis-extension/static/connections.js
+++ b/jupyter-openbis-extension/static/connections.js
@@ -30,7 +30,8 @@ define([
                method: "PUT",
                headers: {
                    "Content-Type": "application/json",
-                    "X-XSRFToken": xsrf_token
+                    "X-XSRFToken": xsrf_token,
+                    "credentials": "same-origin",
                },
                body: JSON.stringify(body)
            })
@@ -45,14 +46,13 @@ define([
                "password": password
            }

-            var cookie = decodeURIComponent(document.cookie)
-            var xsrf_token = cookie.split("_xsrf=")[1]
-
+            var xsrf_token = common.getCookie('_xsrf')
            return fetch(endpoint, {
                method: "POST",
                headers: {
                    "Content-Type": "application/json",
-                    //"X-XSRFToken": xsrf_token,
+                    "X-XSRFToken": xsrf_token,
+                    "credentials": "same-origin",
                },
                body: JSON.stringify(body)
            })