From be65444c3735b26808c490e4410c2f8f68a88444 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Salvador=20Giron=C3=A8s?= <salvadorgirones@gmail.com>
Date: Thu, 5 Dec 2024 10:21:20 +0100
Subject: [PATCH] fix(core/js-sdk) Add the credentials field in the fetch()
 only if supported

---
 packages/core/js-sdk/src/client.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/core/js-sdk/src/client.ts b/packages/core/js-sdk/src/client.ts
index 03794630f809d..025e0b7b0a6e0 100644
--- a/packages/core/js-sdk/src/client.ts
+++ b/packages/core/js-sdk/src/client.ts
@@ -58,11 +58,17 @@ const normalizeRequest = (
     body = JSON.stringify(body)
   }
 
+  const isFetchCredentialsSupported = "credentials" in Request.prototype
+
   return {
     ...init,
     headers,
     // TODO: Setting this to "include" poses some security risks, as it will send cookies to any domain. We should consider making this configurable.
-    credentials: config.auth?.type === "session" ? "include" : "omit",
+    credentials: isFetchCredentialsSupported
+      ? config.auth?.type === "session"
+        ? "include"
+        : "omit"
+      : undefined,
     ...(body ? { body: body as RequestInit["body"] } : {}),
   } as RequestInit
 }