Merge pull request #52255 from Expensify/rodrigo-fix-csrf-token-native

Fix API requests on the HybridApp
Expensify · Nov 8, 2024 · ee89e3a · ee89e3a
2 parents a569cbc + 9d763e5
commit ee89e3a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/libs/HttpUtils.ts b/src/libs/HttpUtils.ts
@@ -58,6 +58,11 @@ function processHTTPRequest(url: string, method: RequestType = 'get', body: Form
         signal: abortSignal,
         method,
         body,
+        // On Web fetch already defaults to 'omit' for credentials, but it seems that this is not the case for the ReactNative implementation
+        // so to avoid sending cookies with the request we set it to 'omit' explicitly
+        // this avoids us sending specially the expensifyWeb cookie, which makes a CSRF token required
+        // more on that here: https://stackoverflowteams.com/c/expensify/questions/93
+        credentials: 'omit',
     })
         .then((response) => {
             // We are calculating the skew to minimize the delay when posting the messages