Request - add same site cookie attribute optional

[johaven]

According to the security benefit cited here : https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/

Is it possible to include this in global options and on cookies ?

[vimalloc]

I haven't seen samesite cookies before, that is very interesting. Thanks for the read!

I would prefer to add this functionality via a flask/werkzeug helper method instead of manually modifying cookies myself, to keep things more secure and maintainable. I'll track this being integrated here and here. Once it it has been added, I will include it as an option in this library.

Cheers!

[johaven]

Perfect ! Another question because we are talking about cookies.
Why don't you clean the CSRF Token with unset_jwt_cookies method ?

[vimalloc]

Good catch. That is entirely an oversite on my end. I'll get a new version of this pushed out which unsets those as well. 👍

[vimalloc]

Released in 3.6.0.