From 4757b28a9bbde04b2e0d749b1e638ddeefe17fb4 Mon Sep 17 00:00:00 2001
From: Justin Campbell
Date: Tue, 10 Nov 2020 19:10:40 -0500
Subject: [PATCH] Add JWT_REFRESH_CRSF_HEADER for easier reference
---
 api/api.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/api/api.py b/api/api.py
index f4b71e2..e1ffb89 100644
--- a/api/api.py
+++ b/api/api.py
@@ -38,7 +38,10 @@
 # Restrict cookies using SameSite=strict flag
 app.config["JWT_COOKIE_SAMESITE"] = "strict"
 # Restrict refresh tokens to /token/refresh endpoint
-app.config['JWT_REFRESH_COOKIE_PATH'] = '/tokens/refresh'
+app.config["JWT_REFRESH_COOKIE_PATH"] = '/tokens/refresh'
+# Set the cookie key for CRSF validation string
+# This is the default value. Adding it for easy reference
+app.config["JWT_REFRESH_CSRF_HEADER_NAME"] = "X-CSRF-TOKEN"
 tokenManager = JWTManager(app)
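Review bot: The new comment above `JWT_REFRESH_CSRF_HEADER_NAME` calls it a cookie key, but this setting names the request header in which the client sends back the CSRF double-submit value on refresh requests, and "CRSF" is a typo for "CSRF". I would replace the two comment lines with `# Request header that must carry the CSRF double-submit value on refresh requests.` and `# "X-CSRF-TOKEN" is the library default; set explicitly for easy reference.` Separately, the context comment says `/token/refresh` while the value kept on the rewritten line is `'/tokens/refresh'`. The route itself is not visible in this hunk, so check the cookie path against it: if they differ, the browser never sends the refresh cookie to the endpoint. The rewritten line also mixes quote styles (`"JWT_REFRESH_COOKIE_PATH"` with `'/tokens/refresh'`).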