1cc53c5240946811f8f18ec10f2704872f5ff3d5
chmalee
  Wed Nov 5 13:41:36 2025 -0800
Send credentials (cookies) when doing async cart requests now that we do them 'cross-site' from genome-euro and genome-asia to the RR for the hubspace ui. These were already send by default when making requests to the same origin, and will not work even with this change without also modifying Apache to set the correct Access-Control headers

diff --git src/hg/js/model/lib/cart.js src/hg/js/model/lib/cart.js
index e4cf677c02f..7544e9b2f0c 100644
--- src/hg/js/model/lib/cart.js
+++ src/hg/js/model/lib/cart.js
@@ -138,31 +138,34 @@
     }
 
     function debugLog() {
         // If debug is true, use console.log to print info.
         if (debug) {
             console.log(arguments);
         }
     }
 
     function ajaxParamsForReq(reqObj) {
         // Return an object suitable as the argument to $.ajax for a POST reqObj to the server/CGI.
         var ajaxParams = {
             type: "POST",
             url: requireCgiUrl(),
             data: reqObj,
-            dataType: 'json'
+            dataType: 'json',
+            xhrFields: {
+                withCredentials: true,
+            },
         };
         var paramString = reqToString(reqObj);
         debugLog('cart.flush: data =', reqObj, ', params = ' + paramString);
         return ajaxParams;
     }
 
     function ajaxParamsForReqWithFile(reqObj, jqFileInput) {
         // Return an object suitable as the argument to $.ajax for a POST reqObj to the server/CGI
         // with the contents of the file identified by jqFileInput.
         // Depending on whether the browser supports the FormData API, use either FormData
         // or a fallback plugin (jquery.bifrost).
         var ajaxParams = {
             type: 'POST',
             url: requireCgiUrl(),
         };