From f3915c4d7b0635ea9ea6bfdd964193bf27b6c616 Mon Sep 17 00:00:00 2001
From: Yannick Chiron <yannick.chiron@gmail.com>
Date: Thu, 22 Sep 2022 18:02:11 +0200
Subject: [PATCH] fix: Prevent cookie duplication when calling
 `/apps/:slug/open`

In some scenario (mainly in production) we observed that cookie was
duplicated in the HTTP headers. Also both cookies were separated by a
comma instead of a semicolon

This form is not supported by cozy-stack and the result is that the
cozy-stack consider the request is not cookie-authenticated

So when calling `/apps/:slug/open`, a new generated cookie would be
returned instead of the provided one as expected in #277

To fix this we want to specify `credentials:omit` into the fetch
options, this would prevent react-native to inject a copy of the same
cookie

More info: https://github.com/facebook/react-native/issues/23185#issuecomment-536420223
---
 src/libs/client.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/libs/client.js b/src/libs/client.js
index 469e578dc..7703ad580 100644
--- a/src/libs/client.js
+++ b/src/libs/client.js
@@ -338,8 +338,11 @@ export const fetchPublicData = async client => {
 export const fetchCozyDataForSlug = async (slug, client, cookie) => {
   const stackClient = client.getStackClient()
 
-  const headers = cookie
+  const options = cookie
     ? {
+        // credentials:omit is necessary here to prevent cookie duplication in the fetch call
+        // more info: https://github.com/facebook/react-native/issues/23185#issuecomment-536420223
+        credentials: 'omit',
         headers: {
           Cookie: `${cookie.name}=${cookie.value}`
         }
@@ -350,7 +353,7 @@ export const fetchCozyDataForSlug = async (slug, client, cookie) => {
     'GET',
     `/apps/${slug}/open`,
     undefined,
-    headers
+    options
   )
 
   return result