
flask_jwt_extended CSRF_Token in flask_restful


I'm only setting the access token in cookies, but I also found a CSRF token in the cookies. I don't understand why and how this is happening.

Here is my code for setting the access token:

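    from flask_jwt_extended import (
        create_access_token, create_refresh_token, set_access_cookies,
    )

    # Inside the login handler; Response.SUCCESS is the poster's own response helper.
    access_token = create_access_token(identity=user.id, fresh=True)
    refresh_token = create_refresh_token(identity=user.id)
    resp = Response.SUCCESS(data={'id': user.id, 'refresh_token': refresh_token})
    set_access_cookies(resp, access_token)
    return resp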


When I use @jwt_required(locations=['cookies'], fresh=True), it returns "Missing CSRF token". Here, I need to pass the CSRF token through a header. Does anyone know what is happening here, and what should I do?


Solution

  • I found out that flask_jwt_extended's CSRF token works like this. As a solution, either disable CSRF protection (app.config["JWT_COOKIE_CSRF_PROTECT"] = False) or pass the csrf_token through a header.