Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
CSRF and CSRF REFRESH Cookie sets to Secure by default, Nothing Happens even if i change config manually.
See original GitHub issueI have a development stage Flask App running. For now, I don’t want my cookies to be secure and as per docs, it’s false by default (I even tried it setting manually) but still the same error.
JWT_COOKIE_CSRF_PROTECT = True JWT_COOKIE_SECURE = False
my access_token and access_token_refresh is not getting secure attribute i.e it is working as expected but the same is not true for csrf cookies.
any suggestion or fix suggested.
PFA: Screen Shot of cookie storage
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Ugh. Well that’s really dumb and annoying. I guess you could try changing the cookie names via the
JWT_ACCESS_CSRF_COOKIE_NAMEandJWT_REFRESH_CSRF_COOKIE_NAMEoptions to get around that, but it feels like a pretty brittle band-aid for the issue at hand. I don’t know what else to do for this situation thoug. Sorry! 😞I found this,
https://stackoverflow.com/questions/52763345/browsers-ignore-set-cookie-response-header-if-we-try-to-set-a-cookie-which-was-s This is the exact problem, I guess.