I'm only setting access token in cookies. But I found CSRF_token also in cookies. I don't understand why it's happening and how it's happening.
Look my code:- Setting access token.
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(identity=user.id)
resp=Response.SUCCESS(data={'id': user.id, 'refresh_token': refresh_token})
set_access_cookies(resp,access_token)
return resp
cookies
When I am using @jwt_requiured((locations=['cookies'],fresh=True)
it returning Missing CSRF token.
Here, I need to pass CSRF token through header. Does anyone know what is happening here ? and What should I do ?
I found out that, flask_jwt_extended CSRF_Token work like this. As a solution for that either disable csrf protection (app.config["JWT_COOKIE_CSRF_PROTECT"] = False
) or pass csrf_token through header.