Problem description
I'm only setting the access token in cookies, but I also found a CSRF_token in the cookies. I don't understand why or how this is happening.
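Have a look at my code, which sets the access token:
from flask_jwt_extended import create_access_token, create_refresh_token, set_access_cookies

# Body of the login view (Response.SUCCESS is a helper that is not defined on this page)
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(identity=user.id)
resp = Response.SUCCESS(data={'id': user.id, 'refresh_token': refresh_token})
set_access_cookies(resp, access_token)  # sets the JWT cookie on the response
return resp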
When I am using @jwt_required(locations=['cookies'], fresh=True), it returns "Missing CSRF token". Here, I need to pass the CSRF token through a header. Does anyone know what is happening here, and what should I do?
Recommended answer
I found out that flask_jwt_extended's CSRF_Token works like this. As a solution, either disable CSRF protection (app.config["JWT_COOKIE_CSRF_PROTECT"] = False) or pass the csrf_token through a header.
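To show why the second cookie appears and why the header is demanded, here is a simplified standard-library model of the double-submit check. It is an added example, not code from the original post or from flask_jwt_extended. The function names issue_cookies and verify_request and the secret are hypothetical; the cookie names, header name and protected methods are modelled on the library's defaults.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-secret"            # constructed sample key
CSRF_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # state-changing methods only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_cookies(user_id: int) -> dict:
    """Login: the CSRF value goes into the signed JWT and into a second cookie."""
    csrf = secrets.token_urlsafe(16)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user_id, "csrf": csrf}).encode())
    token = f"{header}.{payload}"
    token = f"{token}.{_sign(token)}"
    return {"access_token_cookie": token,   # HttpOnly: page scripts cannot read it
            "csrf_access_token": csrf}      # readable, so the site's own JS can echo it

def verify_request(method: str, cookies: dict, headers: dict) -> str:
    """Return 'ok' or the reason the request is rejected."""
    token = cookies.get("access_token_cookie", "")
    try:
        signing_input, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig.encode(), _sign(signing_input).encode()):
            return "bad signature"
        claims = json.loads(_unb64(signing_input.split(".")[1]))
    except (ValueError, IndexError):
        return "malformed token"
    if method.upper() in CSRF_METHODS:
        # Browsers attach cookies to cross-site requests automatically, but a
        # foreign page cannot read the CSRF cookie to copy it into a header.
        sent = headers.get("X-CSRF-TOKEN")
        if sent is None:
            return "Missing CSRF token"
        if not hmac.compare_digest(sent.encode(), str(claims.get("csrf", "")).encode()):
            return "CSRF double submit tokens do not match"
    return "ok"
```

In a browser client, the fix that keeps the protection on is to read the csrf_access_token cookie and send its value in the X-CSRF-TOKEN header on every state-changing request.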