Documentation and test for cookie domain

vimalloc · Apr 15, 2017 · 984332d · 984332d
1 parent bd2922b
commit 984332d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/docs/options.rst b/docs/options.rst
@@ -60,6 +60,8 @@ These are only applicable if ``JWT_TOKEN_LOCATION`` is set to use cookies.
 ``JWT_COOKIE_SECURE``             If the secure flag should be set on your JWT cookies. This will only allow
                                   the cookies to be sent over https. Defaults to ``False``, but in production
                                   this should likely be set to ``True``.
+``JWT_COOKIE_DOMAIN``             Value to use for a cross domain cookies. Defaults to ``None`` which sets
+                                  this cookie to only be readable by the domain that set it.
 ``JWT_SESSION_COOKIE``            If the cookies should be session cookies (deleted when the
                                   browser is closed) or persistent cookies (never expire).
                                   Defaults to ``True`` (session cookies).

diff --git a/tests/test_config.py b/tests/test_config.py
@@ -29,6 +29,7 @@ def test_default_configs(self):
             self.assertEqual(config.access_cookie_path, '/')
             self.assertEqual(config.refresh_cookie_path, '/')
             self.assertEqual(config.cookie_secure, False)
+            self.assertEqual(config.cookie_domain, None)
             self.assertEqual(config.session_cookie, True)
 
             self.assertEqual(config.csrf_protect, False)
@@ -66,6 +67,7 @@ def test_override_configs(self):
         self.app.config['JWT_ACCESS_COOKIE_PATH'] = '/access/path'
         self.app.config['JWT_REFRESH_COOKIE_PATH'] = '/refresh/path'
         self.app.config['JWT_COOKIE_SECURE'] = True
+        self.app.config['JWT_COOKIE_DOMAIN'] = ".example.com"
         self.app.config['JWT_SESSION_COOKIE'] = False
 
         self.app.config['JWT_COOKIE_CSRF_PROTECT'] = True
@@ -100,6 +102,7 @@ def test_override_configs(self):
             self.assertEqual(config.access_cookie_path, '/access/path')
             self.assertEqual(config.refresh_cookie_path, '/refresh/path')
             self.assertEqual(config.cookie_secure, True)
+            self.assertEqual(config.cookie_domain, ".example.com")
             self.assertEqual(config.session_cookie, False)
 
             self.assertEqual(config.csrf_protect, True)