Skip to content

F
frontend
Commit c9bc73e1 authored by tom's avatar tom
Browse files
Options

[skip ci] send cookie to other origins only if account is enabled

parent ab07c20a
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
lib/api/useApiFetch.tsx
View file @ c9bc73e1
...@@ -4,6 +4,7 @@ import React from 'react'; ...@@ -4,6 +4,7 @@ import React from 'react';
import type { CsrfData } from 'types/client/account'; import type { CsrfData } from 'types/client/account';
import appConfig from 'configs/app/config';
import isBodyAllowed from 'lib/api/isBodyAllowed'; import isBodyAllowed from 'lib/api/isBodyAllowed';
import isNeedProxy from 'lib/api/isNeedProxy'; import isNeedProxy from 'lib/api/isNeedProxy';
import { getResourceKey } from 'lib/api/useApiQuery'; import { getResourceKey } from 'lib/api/useApiQuery';
...@@ -44,7 +45,11 @@ export default function useApiFetch() { ...@@ -44,7 +45,11 @@ export default function useApiFetch() {
return fetch<SuccessType, ErrorType>( return fetch<SuccessType, ErrorType>(
url, url,
{ {
credentials: 'include', // as of today, we use cookies only
// for user authentication in My account
// for API rate-limits (cannot use in the condition though, but we agreed with devops team that should not be an issue)
// change condition here if something is changed
credentials: appConfig.account.isEnabled ? 'include' : 'same-origin',
headers, headers,
...fetchParams, ...fetchParams,
}, },
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment