From f662571cabdf4e66d8b84bf31a44892c3e00bf93 Mon Sep 17 00:00:00 2001
From: howard-stearns <howard.stearns@gmail.com>
Date: Wed, 15 Mar 2017 15:46:25 -0700
Subject: [PATCH] send credentials to private data-webs as well

---
 libraries/script-engine/src/XMLHttpRequestClass.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/script-engine/src/XMLHttpRequestClass.cpp b/libraries/script-engine/src/XMLHttpRequestClass.cpp
index 4e528ec52c..1d3c8fda32 100644
--- a/libraries/script-engine/src/XMLHttpRequestClass.cpp
+++ b/libraries/script-engine/src/XMLHttpRequestClass.cpp
@@ -143,7 +143,7 @@ void XMLHttpRequestClass::open(const QString& method, const QString& url, bool a
         if (url.toLower().left(METAVERSE_API_URL.length()) == METAVERSE_API_URL) {
             auto accountManager = DependencyManager::get<AccountManager>();
                 
-            if (_url.scheme() == "https" && accountManager->hasValidAccessToken()) {
+            if (accountManager->hasValidAccessToken()) {
                 static const QString HTTP_AUTHORIZATION_HEADER = "Authorization";
                 QString bearerString = "Bearer " + accountManager->getAccountInfo().getAccessToken().token;
                 _request.setRawHeader(HTTP_AUTHORIZATION_HEADER.toLocal8Bit(), bearerString.toLocal8Bit());