add support for specifying cookie domain with JWT_COOKIE_DOMAIN

frnsys · frnsys · commit ea6d0188d354 · 2017-04-15T00:33:08.000-04:00
diff --git a/flask_jwt_extended/config.py b/flask_jwt_extended/config.py
@@ -10,7 +10,7 @@ class _Config(object):
     Helper object for accessing and verifying options in this extension. This
     is meant for internal use of the application; modifying config options
     should be done with flasks ```app.config```.
-    
+
     Default values for the configuration options are set in the jwt_manager
     object. All of these values are read only.
     """
@@ -65,6 +65,10 @@ def refresh_cookie_path(self):
     def cookie_secure(self):
         return current_app.config['JWT_COOKIE_SECURE']
 
+    @property
+    def cookie_domain(self):
+        return current_app.config.get('JWT_COOKIE_DOMAIN', None)
+
     @property
     def session_cookie(self):
         return current_app.config['JWT_SESSION_COOKIE']
diff --git a/flask_jwt_extended/utils.py b/flask_jwt_extended/utils.py
@@ -70,6 +70,7 @@ def set_access_cookies(response, encoded_access_token):
                         max_age=config.cookie_max_age,
                         secure=config.cookie_secure,
                         httponly=True,
+                        domain=config.cookie_domain,
                         path=config.access_cookie_path)
 
     # If enabled, set the csrf double submit access cookie
@@ -79,6 +80,7 @@ def set_access_cookies(response, encoded_access_token):
                             max_age=config.cookie_max_age,
                             secure=config.cookie_secure,
                             httponly=False,
+                            domain=config.cookie_domain,
                             path=config.access_csrf_cookie_path)
 
 
@@ -97,6 +99,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
                         max_age=config.cookie_max_age,
                         secure=config.cookie_secure,
                         httponly=True,
+                        domain=config.cookie_domain,
                         path=config.refresh_cookie_path)
 
     # If enabled, set the csrf double submit refresh cookie
@@ -106,6 +109,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
                             max_age=config.cookie_max_age,
                             secure=config.cookie_secure,
                             httponly=False,
+                            domain=config.cookie_domain,
                             path=config.refresh_csrf_cookie_path)
 
 
@@ -124,12 +128,14 @@ def unset_jwt_cookies(response):
                         expires=0,
                         secure=config.cookie_secure,
                         httponly=True,
+                        domain=config.cookie_domain,
                         path=config.refresh_cookie_path)
     response.set_cookie(config.access_cookie_name,
                         value='',
                         expires=0,
                         secure=config.cookie_secure,
                         httponly=True,
+                        domain=config.cookie_domain,
                         path=config.access_cookie_path)
 
     if config.csrf_protect and config.csrf_in_cookies:
@@ -138,10 +144,12 @@ def unset_jwt_cookies(response):
                             expires=0,
                             secure=config.cookie_secure,
                             httponly=False,
+                            domain=config.cookie_domain,
                             path=config.refresh_csrf_cookie_path)
         response.set_cookie(config.access_csrf_cookie_name,
                             value='',
                             expires=0,
                             secure=config.cookie_secure,
                             httponly=False,
+                            domain=config.cookie_domain,
                             path=config.access_csrf_cookie_path)
