CSRF Options

authjwt_cookie_csrf_protect

Enable/disable CSRF protection when using cookies. Defaults to True

authjwt_access_csrf_cookie_key

Key of the CSRF access cookie. Defaults to 'csrf_access_token'

authjwt_refresh_csrf_cookie_key

Key of the CSRF refresh cookie. Defaults to 'csrf_refresh_token'

authjwt_access_csrf_cookie_path

Path for the CSRF access cookie. Defaults to '/'

authjwt_refresh_csrf_cookie_path

Path for the CSRF refresh cookie. Defaults to '/'

authjwt_access_csrf_header_name

Name of the header that should contain the CSRF double submit value for access tokens. Defaults to X-CSRF-TOKEN

authjwt_refresh_csrf_header_name

Name of the header that should contains the CSRF double submit value for refresh tokens. Defaults to X-CSRF-TOKEN

authjwt_csrf_methods

The request methods that will use CSRF protection. Defaults to {'POST','PUT','PATCH','DELETE'}