From ec9d017cd9d78fe90ac313c36068d8622e013570 Mon Sep 17 00:00:00 2001
From: vermeul <swen@ethz.ch>
Date: Thu, 21 Mar 2019 16:32:39 +0100
Subject: [PATCH] send credentials in header to enforce sending cookies

---
 jupyter-openbis-extension/static/connections.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/jupyter-openbis-extension/static/connections.js b/jupyter-openbis-extension/static/connections.js
index 6f856fb..2365b7b 100644
--- a/jupyter-openbis-extension/static/connections.js
+++ b/jupyter-openbis-extension/static/connections.js
@@ -30,7 +30,8 @@ define([
                 method: "PUT",
                 headers: {
                     "Content-Type": "application/json",
-                    "X-XSRFToken": xsrf_token
+                    "X-XSRFToken": xsrf_token,
+                    "credentials": "same-origin",
                 },
                 body: JSON.stringify(body)
             })
@@ -45,14 +46,13 @@ define([
                 "password": password
             }
 
-            var cookie = decodeURIComponent(document.cookie)
-            var xsrf_token = cookie.split("_xsrf=")[1]
-
+            var xsrf_token = common.getCookie('_xsrf')
             return fetch(endpoint, {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json",
-                    //"X-XSRFToken": xsrf_token,
+                    "X-XSRFToken": xsrf_token,
+                    "credentials": "same-origin",
                 },
                 body: JSON.stringify(body)
             })
-- 
GitLab