fix csrf protection on electron build

src/public/javascripts/services/protected_session_holder.js

@@ -18,10 +18,6 @@ function setProtectedSessionTimeout(encSessTimeout) {
     protectedSessionTimeout = encSessTimeout;
 }
 
-function getProtectedSessionId() {
-    return utils.getCookie(PROTECTED_SESSION_ID_KEY);
-}
-
 function setProtectedSessionId(id) {
     // using session cookie so that it disappears after browser/tab is closed
     utils.setSessionCookie(PROTECTED_SESSION_ID_KEY, id);
@@ -46,7 +42,6 @@ function touchProtectedSession() {
 }
 
 export default {
-    getProtectedSessionId,
     setProtectedSessionId,
     resetProtectedSession,
     isProtectedSessionAvailable,

src/public/javascripts/services/server.js

@@ -1,22 +1,13 @@
-import protectedSessionHolder from './protected_session_holder.js';
 import utils from './utils.js';
 import infoService from "./info.js";
 
 function getHeaders() {
-    let protectedSessionId = null;
-
-    try { // this is because protected session might not be declared in some cases
-        protectedSessionId = protectedSessionHolder.getProtectedSessionId();
-    }
-    catch(e) {}
-
     // headers need to be lowercase because node.js automatically converts them to lower case
     // so hypothetical protectedSessionId becomes protectedsessionid on the backend
     // also avoiding using underscores instead of dashes since nginx filters them out by default
     return {
-        // protectedSessionId is normally carried in cookie, but for electron AJAX requests we bypass
-        // HTTP so no cookies and we need to pass it here explicitly
-        'trilium-protected-session-id': protectedSessionId,
+        // passing it explicitely here because of the electron HTTP bypass
+        'cookie': document.cookie,
         'trilium-source-id': glob.sourceId,
         'x-csrf-token': glob.csrfToken
     };