From 85dc423f7090da0a52c73eb66faf22ddb20efff9 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Sat, 19 Sep 2020 01:45:44 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-4-stable-ee

---
 app/views/layouts/_startup_js.html.haml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'app/views/layouts/_startup_js.html.haml')

diff --git a/app/views/layouts/_startup_js.html.haml b/app/views/layouts/_startup_js.html.haml
index 3eb68df07c6..33c759b7a7c 100644
--- a/app/views/layouts/_startup_js.html.haml
+++ b/app/views/layouts/_startup_js.html.haml
@@ -6,8 +6,11 @@
     gl.startup_calls = #{page_startup_api_calls.to_json};
     if (gl.startup_calls && window.fetch) {
       Object.keys(gl.startup_calls).forEach(apiCall => {
+        // fetch won’t send cookies in older browsers, unless you set the credentials init option.
+        // We set to `same-origin` which is default value in modern browsers.
+        // See https://github.com/whatwg/fetch/pull/585 for more information.
         gl.startup_calls[apiCall] = {
-          fetchCall: fetch(apiCall)
+          fetchCall: fetch(apiCall, { credentials: 'same-origin' })
         };
       });
     }
-- 
cgit v1.2.1