From 38f19e6586cc8d7675e64260d7e638955512b11f Mon Sep 17 00:00:00 2001
From: Isaac Snow <isaacjsnow@gmail.com>
Date: Mon, 29 Oct 2018 17:32:13 -0700
Subject: [PATCH] fix: don't send cookies if we have an access token

---
 src/shared/backend/graphql.tsx | 2 +-
 src/shared/backend/lsp.tsx     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/backend/graphql.tsx b/src/shared/backend/graphql.tsx
index e483cc11..b1c1116c 100644
--- a/src/shared/backend/graphql.tsx
+++ b/src/shared/backend/graphql.tsx
@@ -68,7 +68,7 @@ function requestGraphQL<T extends GQL.IGraphQLResponseRoot>({
                 url: `${url}/.api/graphql` + queryName,
                 headers,
                 crossDomain: true,
-                withCredentials: true,
+                withCredentials: !(headers && headers.authorization),
                 body: JSON.stringify({ query: request, variables }),
                 async: true,
             }).pipe(
diff --git a/src/shared/backend/lsp.tsx b/src/shared/backend/lsp.tsx
index 7f278d30..2c34e4e9 100644
--- a/src/shared/backend/lsp.tsx
+++ b/src/shared/backend/lsp.tsx
@@ -52,7 +52,7 @@ const request = (url: string, method: string, requests: any[]): Observable<AjaxR
                 url: `${url}/.api/xlang/${method || ''}`,
                 headers,
                 crossDomain: true,
-                withCredentials: true,
+                withCredentials: !(headers && headers.authorization),
                 body: JSON.stringify(requests),
                 async: true,
             })