From e2d7d34f30cd11d6e65e06c0920c6a0507fe7b39 Mon Sep 17 00:00:00 2001
From: Yaroslav Zhavoronkov <yaroslav.zh@gmail.com>
Date: Sun, 7 Feb 2021 09:49:49 +0300
Subject: [PATCH] fix: Pass credentials with API requests when required to work
 with Cloudflare Access (#1867)

---
 app/utils/ApiClient.js   | 8 +++++++-
 server/static/index.html | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/utils/ApiClient.js b/app/utils/ApiClient.js
index dbc62949f..4681d8543 100644
--- a/app/utils/ApiClient.js
+++ b/app/utils/ApiClient.js
@@ -1,6 +1,7 @@
 // @flow
 import invariant from "invariant";
 import { map, trim } from "lodash";
+import { getCookie } from "tiny-cookie";
 import stores from "stores";
 import download from "./download";
 import {
@@ -18,6 +19,11 @@ type Options = {
   baseUrl?: string,
 };
 
+// authorization cookie set by a Cloudflare Access proxy
+const CF_AUTHORIZATION = getCookie("CF_Authorization");
+// if the cookie is set, we must pass it with all ApiClient requests
+const CREDENTIALS = CF_AUTHORIZATION ? "same-origin" : "omit";
+
 class ApiClient {
   baseUrl: string;
   userAgent: string;
@@ -91,7 +97,7 @@ class ApiClient {
         body,
         headers,
         redirect: "follow",
-        credentials: "omit",
+        credentials: CREDENTIALS,
         cache: "no-cache",
       });
     } catch (err) {
diff --git a/server/static/index.html b/server/static/index.html
index f302a5409..b97ac290b 100644
--- a/server/static/index.html
+++ b/server/static/index.html
@@ -12,7 +12,7 @@
       href="/favicon-32.png"
       sizes="32x32"
     />
-    <link rel="manifest" href="/manifest.json" />
+    <link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
     <link
       rel="search"
       type="application/opensearchdescription+xml"