console: set coookie policy for API calls to same-origin (#4336)

CHANGELOG.md

@@ -18,6 +18,7 @@ The order and collapsed state of columns is now persisted across page navigation
 - console: allow customising graphql field names for columns of views (close #3689) (#4255)
 - console: fix clone permission migrations (close #3985) (#4277)
 - console: decouple data rows and count fetch in data browser to account for really large tables (close #3793) (#4269)
+- console: update cookie policy for API calls to "same-origin"
 - docs: add One-Click Render deployment guide (close #3683) (#4209)
 - server: reserved keywords in column references break parser (fix #3597) #3927
 - server: fix postgres specific error message that exposed database type on invalid query parameters (#4294)

console/src/Endpoints.js

@@ -21,7 +21,7 @@ const Endpoints = {
   telemetryServer: 'wss://telemetry.hasura.io/v1/ws',
 };
 
-const globalCookiePolicy = 'omit';
+const globalCookiePolicy = 'same-origin';
 
 export default Endpoints;
 export { globalCookiePolicy, baseUrl, hasuractlUrl };

console/src/utils/requestAction.js

@@ -7,7 +7,8 @@ import {
   DONE_REQUEST,
   FAILED_REQUEST,
   ERROR_REQUEST,
-} from 'components/App/Actions';
+} from '../components/App/Actions';
+import { globalCookiePolicy } from '../Endpoints';
 
 const requestAction = (
   url,
@@ -17,7 +18,7 @@ const requestAction = (
   includeCredentials = true
 ) => {
   if (!options.credentials && includeCredentials) {
-    options.credentials = 'omit';
+    options.credentials = globalCookiePolicy;
   }
 
   return dispatch => {