fix: Prevent cookie duplication when calling /apps/:slug/open

In some scenario (mainly in production) we observed that cookie was duplicated in the HTTP headers. Also both cookies were separated by a comma instead of a semicolon This form is not supported by cozy-stack and the result is that the cozy-stack consider the request is not cookie-authenticated So when calling `/apps/:slug/open`, a new generated cookie would be returned instead of the provided one as expected in #277 To fix this we want to specify `credentials:omit` into the fetch options, this would prevent react-native to inject a copy of the same cookie More info: facebook/react-native#23185 (comment)
cozy · Sep 30, 2022 · 1452b81 · 1452b81
1 parent 5aa368c
commit 1452b81
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/libs/client.js b/src/libs/client.js
@@ -338,8 +338,11 @@ export const fetchPublicData = async client => {
 export const fetchCozyDataForSlug = async (slug, client, cookie) => {
   const stackClient = client.getStackClient()
 
-  const headers = cookie
+  const options = cookie
     ? {
+        // credentials:omit is necessary here to prevent cookie duplication in the fetch call
+        // more info: https://github.com/facebook/react-native/issues/23185#issuecomment-536420223
+        credentials: 'omit',
         headers: {
           Cookie: `${cookie.name}=${cookie.value}`
         }
@@ -350,7 +353,7 @@ export const fetchCozyDataForSlug = async (slug, client, cookie) => {
     'GET',
     `/apps/${slug}/open`,
     undefined,
-    headers
+    options
   )
 
   return result