X-Git-Url: https://git.auder.net/js/rpsls.js?a=blobdiff_plain;f=client%2Fsrc%2Futils%2Fajax.js;h=01ea84935f132ebf7713cbf4f7a242eea3ffe791;hb=e64c6f67185b45b3b1205069532362c1bf9680db;hp=0a50a10409ac1c332b84e141f61a110846b72c0f;hpb=1aeed627be63a298d3a093797c3728e3de30b464;p=vchess.git

diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js
index 0a50a104..01ea8493 100644
--- a/client/src/utils/ajax.js
+++ b/client/src/utils/ajax.js
@@ -1,5 +1,8 @@
 import params from "../parameters"; //for server URL
 
+// TODO: replace by fetch API ?
+// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/
+
 // From JSON (encoded string values!) to "arg1=...&arg2=..."
 function toQueryString(data)
 {
@@ -47,8 +50,8 @@ export function ajax(url, method, data, success, error)
 	}
 	xhr.open(method, params.serverUrl + url, true);
 	xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest");
-	// Next line because logout and authenticate set (cross-domain in dev mode) cookies
-  if (url.startsWith("/authenticate") || url.startsWith("/logout"))
+	// Next line to allow cross-domain cookies in dev mode (TODO: if...)
+  if (params.cors)
     xhr.withCredentials = true;
   if (["POST","PUT"].includes(method))
 	{