From 3670800a51a852d1330db7bb7cc9dd8ce928eb97 Mon Sep 17 00:00:00 2001
From: zadam <zadam.apps@gmail.com>
Date: Mon, 1 Apr 2019 21:18:11 +0200
Subject: [PATCH] set cookie header only for electron calls

---
 src/public/javascripts/services/server.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/public/javascripts/services/server.js b/src/public/javascripts/services/server.js
index eaf29256b..261c51d44 100644
--- a/src/public/javascripts/services/server.js
+++ b/src/public/javascripts/services/server.js
@@ -5,12 +5,17 @@ function getHeaders() {
     // headers need to be lowercase because node.js automatically converts them to lower case
     // so hypothetical protectedSessionId becomes protectedsessionid on the backend
     // also avoiding using underscores instead of dashes since nginx filters them out by default
-    return {
-        // passing it explicitely here because of the electron HTTP bypass
-        'cookie': document.cookie,
+    const headers = {
         'trilium-source-id': glob.sourceId,
         'x-csrf-token': glob.csrfToken
     };
+
+    if (utils.isElectron()) {
+        // passing it explicitely here because of the electron HTTP bypass
+        headers.cookie = document.cookie;
+    }
+
+    return headers;
 }
 
 async function get(url) {