From 8e7de5397f96528983ed84c145c7df1e3fa601b5 Mon Sep 17 00:00:00 2001 From: Ghassan Maslamani Date: Wed, 13 Nov 2024 20:31:36 +0100 Subject: [PATCH] fix: include credentials when cookie across subdomains This URL of fetching guest_token is always LMS_ROOT_URL, however in case multisite is being used the guest could be in a different url. This change ensure that cookie is being sent if the other site is a subdomain or shares parent domain with LMS_URL_ROOT This might be realted to openedx/tutor-contrib-aspects/issues/925 --- platform_plugin_aspects/static/js/embed_dashboard.js | 1 + 1 file changed, 1 insertion(+) diff --git a/platform_plugin_aspects/static/js/embed_dashboard.js b/platform_plugin_aspects/static/js/embed_dashboard.js index 5555c62..1b169d0 100644 --- a/platform_plugin_aspects/static/js/embed_dashboard.js +++ b/platform_plugin_aspects/static/js/embed_dashboard.js @@ -30,6 +30,7 @@ async function fetchGuestToken() { headers: { "X-CSRFToken": getCookie("csrftoken"), }, + credentials: 'include', body: body, });