quaik8/sdb-back
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Restrict JWT access cookie path and update Socket.IO CORS path

Browse Source
This commit is contained in:
JSC
2025-07-08 22:35:47 +02:00
parent 2e464dc977
commit 7d224d1db7
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/__init__.py
View File

@@ -37,9 +37,8 @@ def create_app():
app.config["JWT_TOKEN_LOCATION"] = ["cookies"] app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
app.config["JWT_COOKIE_SECURE"] = False # Set to True in production app.config["JWT_COOKIE_SECURE"] = False # Set to True in production
app.config["JWT_COOKIE_CSRF_PROTECT"] = False app.config["JWT_COOKIE_CSRF_PROTECT"] = False
app.config["JWT_ACCESS_COOKIE_PATH"] = ( app.config["JWT_COOKIE_SAMESITE"] = "Lax" # Allow cross-origin requests
"/" # Allow access to all paths including SocketIO app.config["JWT_ACCESS_COOKIE_PATH"] = "/api/" # Restrict to API paths only
)
app.config["JWT_REFRESH_COOKIE_PATH"] = "/api/auth/refresh" app.config["JWT_REFRESH_COOKIE_PATH"] = "/api/auth/refresh"
# Initialize CORS # Initialize CORS
@@ -56,6 +55,7 @@ def create_app():
app, app,
cors_allowed_origins="http://localhost:3000", cors_allowed_origins="http://localhost:3000",
cors_credentials=True, cors_credentials=True,
path="/api/socket.io/", # Use /api prefix for Socket.IO
) )
# Initialize JWT manager # Initialize JWT manager