Omitting credentials in ajax requests
Is there a security reason that Inlay ajax requests omit credentials?
Use-case is we have some UTM data in a cookie that I'd like to grab when creating new contacts.
We've changed it to same-origin here and it seems ok, but just checking I haven't opened a hole somehow.
Edited by Andrew West