Android: May fix laurent22#11292: Don't store WebDAV authentication c…

…ookies on Android

Note: An alternative, as suggested on the linked issue, might be to
allow users to manually delete all cookies (e.g. under advanced
settings). This, however, is more complicated (may require either
Android-specific native code or adding a library).

packages/lib/WebDavApi.js

@@ -378,6 +378,15 @@ class WebDavApi {
 		if (options.path) fetchOptions.path = options.path;
 		if (body) fetchOptions.body = body;
 		fetchOptions.ignoreTlsErrors = this.options_.ignoreTlsErrors();
+		if (shim.mobilePlatform() === 'android') {
+			// Using credentials = 'omit' prevents authentication cookies from
+			// being stored. React Native has issues related to cookie authentication:
+			// https://github.com/facebook/react-native/issues/23185
+			//
+			// Auth tokens are passed through the "Authorization" header, so
+			// these cookies should not be necessary.
+			fetchOptions.credentials = 'omit';
+		}
 		const url = `${this.baseUrl()}/${ltrimSlashes(path)}`;
 
 		if (shim.httpAgent(url)) fetchOptions.agent = shim.httpAgent(url);