From ab333618ac2b85bef1d15592525c5ec867ab0eff Mon Sep 17 00:00:00 2001
From: Henry Heino <personalizedrefrigerator@gmail.com>
Date: Mon, 25 Nov 2024 08:33:23 -0800
Subject: [PATCH] Android: May fix #11292: Don't store WebDAV authentication
 cookies on Android

Note: An alternative, as suggested on the linked issue, might be to
allow users to manually delete all cookies (e.g. under advanced
settings). This, however, is more complicated (may require either
Android-specific native code or adding a library).
---
 packages/lib/WebDavApi.js | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packages/lib/WebDavApi.js b/packages/lib/WebDavApi.js
index 7bc9cd5cfba..930e5d38c2b 100644
--- a/packages/lib/WebDavApi.js
+++ b/packages/lib/WebDavApi.js
@@ -378,6 +378,15 @@ class WebDavApi {
 		if (options.path) fetchOptions.path = options.path;
 		if (body) fetchOptions.body = body;
 		fetchOptions.ignoreTlsErrors = this.options_.ignoreTlsErrors();
+		if (shim.mobilePlatform() === 'android') {
+			// Using credentials = 'omit' prevents authentication cookies from
+			// being stored. React Native has issues related to cookie authentication:
+			// https://github.com/facebook/react-native/issues/23185
+			//
+			// Auth tokens are passed through the "Authorization" header, so
+			// these cookies should not be necessary.
+			fetchOptions.credentials = 'omit';
+		}
 		const url = `${this.baseUrl()}/${ltrimSlashes(path)}`;
 
 		if (shim.httpAgent(url)) fetchOptions.agent = shim.httpAgent(url);