diff --git a/docs/options.rst b/docs/options.rst
index bf29237f..2cacdcf7 100644
--- a/docs/options.rst
+++ b/docs/options.rst
@@ -60,6 +60,8 @@ These are only applicable if ``JWT_TOKEN_LOCATION`` is set to use cookies.
 ``JWT_COOKIE_SECURE`` If the secure flag should be set on your JWT cookies. This will only allow the cookies to be sent over https. Defaults to ``False``, but in production this should likely be set to ``True``.
+``JWT_COOKIE_DOMAIN`` Value to use for a cross domain cookies. Defaults to ``None`` which sets
+ this cookie to only be readable by the domain that set it.
 ``JWT_SESSION_COOKIE`` If the cookies should be session cookies (deleted when the browser is closed) or persistent cookies (never expire). Defaults to ``True`` (session cookies).
diff --git a/tests/test_config.py b/tests/test_config.py
index f22b3a26..91da0395 100644
--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -29,6 +29,7 @@ def test_default_configs(self):
 self.assertEqual(config.access_cookie_path, '/')
 self.assertEqual(config.refresh_cookie_path, '/')
 self.assertEqual(config.cookie_secure, False)
+ self.assertEqual(config.cookie_domain, None)
 self.assertEqual(config.session_cookie, True)
 self.assertEqual(config.csrf_protect, False)
@@ -66,6 +67,7 @@ def test_override_configs(self):
 self.app.config['JWT_ACCESS_COOKIE_PATH'] = '/access/path'
 self.app.config['JWT_REFRESH_COOKIE_PATH'] = '/refresh/path'
 self.app.config['JWT_COOKIE_SECURE'] = True
+ self.app.config['JWT_COOKIE_DOMAIN'] = ".example.com"
 self.app.config['JWT_SESSION_COOKIE'] = False
 self.app.config['JWT_COOKIE_CSRF_PROTECT'] = True
@@ -100,6 +102,7 @@ def test_override_configs(self):
 self.assertEqual(config.access_cookie_path, '/access/path')
 self.assertEqual(config.refresh_cookie_path, '/refresh/path')
 self.assertEqual(config.cookie_secure, True)
+ self.assertEqual(config.cookie_domain, ".example.com")
 self.assertEqual(config.session_cookie, False)
 self.assertEqual(config.csrf_protect, True)
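Review bot: The assertions added to `test_override_configs` (the hunks at -66 and -100) only confirm that `JWT_COOKIE_DOMAIN` round-trips into `config.cookie_domain`; nothing visible in this diff checks that the value reaches the `Set-Cookie` header, or that the cookie-clearing path sends the same `Domain`. That matters because a cookie scoped to `.example.com` is sent to every subdomain and is only removed by a delete that names the same domain, so a mismatch would leave the JWT in the browser after logout. I would add a test that sets and then unsets the JWT cookies with the option enabled and asserts the `Domain` attribute on both responses, along the lines of `self.assertIn('Domain=', cookie_header)` with the configured value; if such a test lives in another file of this commit, it is outside what is shown here. Both test functions begin and continue outside these hunks.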