Add JWT_REFRESH_CRSF_HEADER for easier reference

ECN · Nov 11, 2020 · 4757b28 · 4757b28
1 parent 5b752de
commit 4757b28
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/api/api.py b/api/api.py
@@ -38,7 +38,10 @@
 # Restrict cookies using SameSite=strict flag
 app.config["JWT_COOKIE_SAMESITE"] = "strict"
 # Restrict refresh tokens to /token/refresh endpoint
-app.config['JWT_REFRESH_COOKIE_PATH'] = '/tokens/refresh'
+app.config["JWT_REFRESH_COOKIE_PATH"] = '/tokens/refresh'
+# Set the cookie key for CRSF validation string
+# This is the default value. Adding it for easy reference
+app.config["JWT_REFRESH_CSRF_HEADER_NAME"] = "X-CSRF-TOKEN"
 
 tokenManager = JWTManager(app)