Cookie for multiple domain

[bejito]

In order to easy frontend development, I want to let frontend developers plug their local frontend to a remote server (not in prod of course). That remote server thus needs to set the cookie for its domain and for localhost so that the local frontend can authenticate and access the cookie. Using same site is not enough here because I need ot explicitly access the cookie in JS to get the csrf token.

Set the access cookie for multiple domains does not seem to be doable right now though because the domain is passed via environment variables, so not easily changeable at runtime.

Is there a way to achieve this currently ? Otherwise, it would be nice to have an optional arg in set_access_cookies to pass a domain that would override the one from JWT_COOKIE_DOMAIN.

Thanks !

[vimalloc]

That is not something cookies support. Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Multiple host/domain values are not allowed, but if a domain is specified, then subdomains are always included.

[bejito]

@vimalloc thanks for the fast response.
Multiple domains are not usable indeed for a single Set-Cookie. In that case, what we usually do is to Set-Cookie multiple times, one with each domain. That is totally legit but not currently possible with this library because the domain is only settable through env variables.

[vimalloc]

Oh sorry I misunderstood the ask. Yeah I have no problem adding an optional kwarg to override the cookie domain on the set cookie calls! Did you want to take a stab at a PR for that? If not I’ll add it when I have some time to work on this 👍

[bejito]

I can totally take a look at it