From 984332da4bad2c3fd22ee9d3acc52b0d35d683d0 Mon Sep 17 00:00:00 2001 From: Landon GB Date: Fri, 14 Apr 2017 23:33:24 -0600 Subject: [PATCH] Documentation and test for cookie domain --- docs/options.rst | 2 ++ tests/test_config.py | 3 +++ 2 files changed, 5 insertions(+) diff --git a/docs/options.rst b/docs/options.rst index bf29237f..2cacdcf7 100644 --- a/docs/options.rst +++ b/docs/options.rst @@ -60,6 +60,8 @@ These are only applicable if ``JWT_TOKEN_LOCATION`` is set to use cookies. ``JWT_COOKIE_SECURE`` If the secure flag should be set on your JWT cookies. This will only allow the cookies to be sent over https. Defaults to ``False``, but in production this should likely be set to ``True``. +``JWT_COOKIE_DOMAIN`` Value to use for a cross domain cookies. Defaults to ``None`` which sets + this cookie to only be readable by the domain that set it. ``JWT_SESSION_COOKIE`` If the cookies should be session cookies (deleted when the browser is closed) or persistent cookies (never expire). Defaults to ``True`` (session cookies). diff --git a/tests/test_config.py b/tests/test_config.py index f22b3a26..91da0395 100644 --- a/tests/test_config.py +++ b/tests/test_config.py @@ -29,6 +29,7 @@ def test_default_configs(self): self.assertEqual(config.access_cookie_path, '/') self.assertEqual(config.refresh_cookie_path, '/') self.assertEqual(config.cookie_secure, False) + self.assertEqual(config.cookie_domain, None) self.assertEqual(config.session_cookie, True) self.assertEqual(config.csrf_protect, False) @@ -66,6 +67,7 @@ def test_override_configs(self): self.app.config['JWT_ACCESS_COOKIE_PATH'] = '/access/path' self.app.config['JWT_REFRESH_COOKIE_PATH'] = '/refresh/path' self.app.config['JWT_COOKIE_SECURE'] = True + self.app.config['JWT_COOKIE_DOMAIN'] = ".example.com" self.app.config['JWT_SESSION_COOKIE'] = False self.app.config['JWT_COOKIE_CSRF_PROTECT'] = True @@ -100,6 +102,7 @@ def test_override_configs(self): self.assertEqual(config.access_cookie_path, '/access/path') self.assertEqual(config.refresh_cookie_path, '/refresh/path') self.assertEqual(config.cookie_secure, True) + self.assertEqual(config.cookie_domain, ".example.com") self.assertEqual(config.session_cookie, False) self.assertEqual(config.csrf_protect, True)