From 9d763e575ac69ad134fe0f2c68cf70298bb9c9d3 Mon Sep 17 00:00:00 2001
From: Rodrigo Lino da Costa <rodrigo@expensify.com>
Date: Fri, 8 Nov 2024 10:17:24 -0300
Subject: [PATCH] explicity adds omit to fetch

---
 src/libs/HttpUtils.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libs/HttpUtils.ts b/src/libs/HttpUtils.ts
index de6aea96cb47..66ce71451c17 100644
--- a/src/libs/HttpUtils.ts
+++ b/src/libs/HttpUtils.ts
@@ -58,6 +58,11 @@ function processHTTPRequest(url: string, method: RequestType = 'get', body: Form
         signal: abortSignal,
         method,
         body,
+        // On Web fetch already defaults to 'omit' for credentials, but it seems that this is not the case for the ReactNative implementation
+        // so to avoid sending cookies with the request we set it to 'omit' explicitly
+        // this avoids us sending specially the expensifyWeb cookie, which makes a CSRF token required
+        // more on that here: https://stackoverflowteams.com/c/expensify/questions/93
+        credentials: 'omit',
     })
         .then((response) => {
             // We are calculating the skew to minimize the delay when posting the messages