From 1fbe9df5de3555cb8224b30273f12e66437aead2 Mon Sep 17 00:00:00 2001
From: Vincent Fiduccia <vincent@rancher.com>
Date: Wed, 13 Jan 2021 17:11:45 -0700
Subject: [PATCH] Pass cookies through on SSR requests

---
 plugins/axios.js | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/plugins/axios.js b/plugins/axios.js
index ffaaf7e22b..47e8541619 100644
--- a/plugins/axios.js
+++ b/plugins/axios.js
@@ -6,21 +6,30 @@ export default function({
   $axios, $cookies, isDev, req
 }) {
   $axios.defaults.headers.common['Accept'] = 'application/json';
-  $axios.defaults.xsrfCookieName = 'CSRF';
-  $axios.defaults.xsrfHeaderName = 'X-Api-Csrf';
   $axios.defaults.withCredentials = true;
 
-  if ( process.server ) {
-    $axios.defaults.headers.common['user-agent'] = `Dashboard (Mozilla) v${ pkg.version }`;
-    $axios.defaults.headers.common['access-control-expose-headers'] = `set-cookie`;
+  $axios.onRequest((config) => {
+    const csrf = $cookies.get('CSRF');
+
+    if ( csrf ) {
+      config.headers['x-api-csrf'] = csrf;
+    }
+
+    if ( process.server ) {
+      config.headers.common['access-control-expose-headers'] = `set-cookie`;
+      config.headers.common['user-agent'] = `Dashboard (Mozilla) v${ pkg.version }`;
+
+      if ( req.headers.cookie ) {
+        config.headers.common['cookies'] = req.headers.cookie;
+      }
 
-    // For requests from the server, set the base URL to the URL that the request came in on
-    $axios.onRequest((config) => {
       if ( config.url.startsWith('/') ) {
         config.baseURL = `${ req.protocol || 'https' }://${ req.headers.host }`;
       }
-    });
+    }
+  });
 
+  if ( process.server ) {
     $axios.onResponse((res) => {
       const parsed = setCookieParser(res.headers['set-cookie'] || []);