Comments (5)
They still exist: https://flask-jwt-extended.readthedocs.io/en/stable/token_locations.html#cookies
from flask-jwt-extended.
The JavaScript does, but not the overall Flask that will initiate the cookies and how they should be implemented... Older versions of the docs had this.
from flask-jwt-extended.
It's at the very top of the same page. https://flask-jwt-extended.readthedocs.io/en/stable/token_locations.html
from flask-jwt-extended.
The top code doesn't contain the CSRF of the whole example put together... it just contains the access cookie. I'm splitting hairs, but the previous version had a full example of double submission JWT... it would be helpful...
from flask-jwt-extended.
That is all the code… you don’t need to do anything to prevent CSRF attacks other than what is in that example.
By default, CSRF protection is enabled when storing your JWTs in cookies. The set_access_cookie call will set both the JWT in an httponly cookie, as well as the double submit token in a non-httponly cookie.
from flask-jwt-extended.