From 1f86faad121d05ed10743b5ed80a44ba763f69ef Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sun, 8 Sep 2024 15:51:44 +0000
Subject: [PATCH] web/api: don't request/send session token to custom instances

---
 web/src/lib/api/api.ts | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/web/src/lib/api/api.ts b/web/src/lib/api/api.ts
index 6d73390e..5b0b674a 100644
--- a/web/src/lib/api/api.ts
+++ b/web/src/lib/api/api.ts
@@ -9,9 +9,9 @@ import type { Optional } from "$lib/types/generic";
 import type { CobaltAPIResponse, CobaltErrorResponse } from "$lib/types/api";
 
 const request = async (url: string) => {
-    const gSettings = get(settings);
-    const saveSettings = gSettings.save;
-    const privacySettings = gSettings.privacy;
+    const currentSettings = get(settings);
+    const saveSettings = currentSettings.save;
+    const privacySettings = currentSettings.privacy;
 
     const request = {
         url,
@@ -36,8 +36,12 @@ const request = async (url: string) => {
     }
 
     await apiOverrideWarning();
+
+    const usingCustomInstance = currentSettings.processing.enableCustomInstances
+                                && currentSettings.processing.customInstanceURL;
     const api = currentApiURL();
-    const session = await getSession();
+    // FIXME: rewrite this to allow custom instances to specify their own turnstile tokens
+    const session = usingCustomInstance ? undefined : await getSession();
 
     let extraHeaders = {}