In testing this frontend PR IQSS/dataverse-frontend#896 we are getting different behavior depending on the existence of dataverse session cookies. For example, when an API call is made from the SPA and the user is not logged in, the Download with Guestbook API call is using session cookies to authenticate the user.
To prevent this, we need to modify the API calls so that if bearer token authentication is configured, no session cookies are sent in the API call.
In testing this frontend PR IQSS/dataverse-frontend#896 we are getting different behavior depending on the existence of dataverse session cookies. For example, when an API call is made from the SPA and the user is not logged in, the Download with Guestbook API call is using session cookies to authenticate the user.
To prevent this, we need to modify the API calls so that if bearer token authentication is configured, no session cookies are sent in the API call.