Added xsrf cookie to CO2 requests with the credentials: "include" option (ref)
xsrf
credentials: "include"