From a5a185d36be09febd13140f5ba8972e1346191ad Mon Sep 17 00:00:00 2001 From: Justin Campbell Date: Mon, 29 Mar 2021 19:23:18 -0400 Subject: [PATCH] Remove JWT Refresh path restriction --- webqueue2_api/api.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/webqueue2_api/api.py b/webqueue2_api/api.py index 7fcefa4..0edcd61 100644 --- a/webqueue2_api/api.py +++ b/webqueue2_api/api.py @@ -40,8 +40,6 @@ app.config["JWT_COOKIE_SECURE"] = False if os.environ.get("ENVIRONMENT") == "dev" else True # Restrict cookies using SameSite=strict flag app.config["JWT_COOKIE_SAMESITE"] = "strict" -# Restrict refresh tokens to /token/refresh endpoint -app.config["JWT_REFRESH_COOKIE_PATH"] = '/tokens/refresh' # Set the cookie key for CRSF validation string # This is the default value. Adding it for easy reference app.config["JWT_REFRESH_CSRF_HEADER_NAME"] = "X-CSRF-TOKEN" @@ -249,4 +247,4 @@ def get(self) -> tuple: api.add_resource(QueueList, "/api/get_queues") if __name__ == "__main__": - app.run() \ No newline at end of file + app.run()