flaki/clouduboy

We shouldn't rely on global session state for XHRs

Closed this issue · 1 comment

flaki commented

The Fetch API doesn't send credentials, such as cookies, by default. This should break XHR calls, but currently it doesn't, as the code can rely on the session set on the global state (cSess).

flaki commented

{ credentials: 'same-origin' } should be used on the fetch options object.
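The following is an added example, not part of the issue thread and not clouduboy's code. It shows why a global session hides a missing cookie and how per-request session lookup plus `credentials: 'same-origin'` on the client fixes it. It assumes `cSess` is a process-wide server-side variable; every other name (`sessions`, `sid`, `handleGlobal`, `handlePerRequest`, `apiFetch`) is hypothetical.

```javascript
// Constructed session store: session id -> session data (sample values).
const sessions = new Map([['sid-alice', { user: 'alice' }]]);

// Parse a Cookie header ("a=1; b=2") into a plain object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Before: the handler trusts a process-wide session set by an earlier
// page load, so a request that carries no cookie is still served as alice.
let cSess = sessions.get('sid-alice');
function handleGlobal(req) {
  return cSess ? { status: 200, user: cSess.user } : { status: 401 };
}

// After: the session is resolved from the cookie on this request only.
function handlePerRequest(req) {
  const sid = parseCookies(req.headers.cookie).sid;
  const sess = sessions.get(sid);
  return sess ? { status: 200, user: sess.user } : { status: 401 };
}

// Client side: one wrapper for all API calls. The credentials option is
// applied last so a caller cannot drop it by accident.
function apiFetch(url, options = {}, fetchImpl = fetch) {
  return fetchImpl(url, { ...options, credentials: 'same-origin' });
}
```

With the per-request handler in place, a `fetch` call that omits credentials fails with 401 instead of silently borrowing whichever session was stored last.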