From c715fa88415aaf3eeb550976bc682ac4c5e0631a Mon Sep 17 00:00:00 2001
From: rikinsk
Date: Wed, 8 Apr 2020 20:56:57 +0530
Subject: [PATCH 1/2] set coookie policy for API calls to same-origin
---
 CHANGELOG.md | 1 +
 console/src/Endpoints.js | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 833f79bddb62c..97dcac205de43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ The order and collapsed state of columns is now persisted across page navigation
 - console: allow customising graphql field names for columns of views (close #3689) (#4255)
 - console: fix clone permission migrations (close #3985) (#4277)
 - console: decouple data rows and count fetch in data browser to account for really large tables (close #3793) (#4269)
+- console: update cookie policy for API calls to "same-origin"
 - docs: add One-Click Render deployment guide (close #3683) (#4209)
 - server: reserved keywords in column references break parser (fix #3597) #3927
 - server: fix postgres specific error message that exposed database type on invalid query parameters (#4294)
diff --git a/console/src/Endpoints.js b/console/src/Endpoints.js
index 1847389c3badc..e6902b4beb580 100644
--- a/console/src/Endpoints.js
+++ b/console/src/Endpoints.js
@@ -21,7 +21,7 @@ const Endpoints = {
 telemetryServer: 'wss://telemetry.hasura.io/v1/ws',
 };
-const globalCookiePolicy = 'omit';
+const globalCookiePolicy = 'same-origin';
 export default Endpoints;
 export { globalCookiePolicy, baseUrl, hasuractlUrl };
From 8693b281c8a04bb6580470cd194c88d3dd6ee908 Mon Sep 17 00:00:00 2001
From: rikinsk
Date: Thu, 9 Apr 2020 14:01:25 +0530
Subject: [PATCH 2/2] replace omit with globalCookiePolicy
---
 console/src/utils/requestAction.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/console/src/utils/requestAction.js b/console/src/utils/requestAction.js
index 0f84ed023c5a7..5eabeb8843def 100644
--- a/console/src/utils/requestAction.js
+++ b/console/src/utils/requestAction.js
@@ -7,7 +7,8 @@ import {
 DONE_REQUEST,
 FAILED_REQUEST,
 ERROR_REQUEST,
-} from 'components/App/Actions';
+} from '../components/App/Actions';
+import { globalCookiePolicy } from '../Endpoints';
 const requestAction = (
 url,
@@ -17,7 +18,7 @@ const requestAction = (
 includeCredentials = true
 ) => {
 if (!options.credentials && includeCredentials) {
- options.credentials = 'omit';
+ options.credentials = globalCookiePolicy;
 }
 return dispatch => {
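Review bot: The guard `if (!options.credentials && includeCredentials)` in the second requestAction.js hunk sets a policy only when `includeCredentials` is true, so a caller passing `false` leaves `options.credentials` unset and gets whatever default the fetch implementation applies (`same-origin` in spec-compliant browsers) rather than an explicit opt-out. If `false` is meant to keep cookies off a request, I would make both branches explicit now that the default is `globalCookiePolicy`, which the first patch sets to `'same-origin'` in console/src/Endpoints.js: `if (!options.credentials) { options.credentials = includeCredentials ? globalCookiePolicy : 'omit'; }`. Since same-origin console calls will now carry cookies, a comment next to `globalCookiePolicy` should say which deployment needs them and that state-changing endpoints must not be authorised by the cookie alone (CSRF); nothing in this diff shows how the server treats those cookies. The assignment also mutates the caller's `options` object, and the rest of `requestAction` lies outside the hunk, so I cannot tell whether callers reuse it.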