From ea6d0188d35460798299f5e9d4cc50512a53e1d1 Mon Sep 17 00:00:00 2001
From: Francis Tseng
Date: Sat, 15 Apr 2017 00:33:08 -0400
Subject: [PATCH 1/2] add support for specifying cookie domain with JWT_COOKIE_DOMAIN

---
 flask_jwt_extended/config.py | 6 +++++-
 flask_jwt_extended/utils.py | 8 ++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/flask_jwt_extended/config.py b/flask_jwt_extended/config.py
index dd2ddd2d..fb7f127e 100644
--- a/flask_jwt_extended/config.py
+++ b/flask_jwt_extended/config.py
@@ -10,7 +10,7 @@ class _Config(object):
 Helper object for accessing and verifying options in this extension. This is meant for internal use of the application; modifying config options should be done with flasks ```app.config```.
-
+
 Default values for the configuration options are set in the jwt_manager object. All of these values are read only.
 """
@@ -65,6 +65,10 @@ def refresh_cookie_path(self):
 def cookie_secure(self):
 return current_app.config['JWT_COOKIE_SECURE']

+ @property
+ def cookie_domain(self):
+ return current_app.config.get('JWT_COOKIE_DOMAIN', None)
+
 @property
 def session_cookie(self):
 return current_app.config['JWT_SESSION_COOKIE']
diff --git a/flask_jwt_extended/utils.py b/flask_jwt_extended/utils.py
index bbb99e28..018300fd 100644
--- a/flask_jwt_extended/utils.py
+++ b/flask_jwt_extended/utils.py
@@ -70,6 +70,7 @@ def set_access_cookies(response, encoded_access_token):
 max_age=config.cookie_max_age,
 secure=config.cookie_secure,
 httponly=True,
+ domain=config.cookie_domain,
 path=config.access_cookie_path)

 # If enabled, set the csrf double submit access cookie
@@ -79,6 +80,7 @@ def set_access_cookies(response, encoded_access_token):
 max_age=config.cookie_max_age,
 secure=config.cookie_secure,
 httponly=False,
+ domain=config.cookie_domain,
 path=config.access_csrf_cookie_path)


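Review bot: The added `domain=config.cookie_domain` gives the HttpOnly access cookie and the JavaScript-readable CSRF cookie in the next hunk the same Domain attribute, and the refresh pair in set_refresh_cookies repeats it, but nothing in the series says what that implies: once the value is a parent domain instead of None, every host under that domain receives the JWT cookie, so the setting widens the cookie's reach well beyond the issuing host. A comment where the keyword is first passed would make that visible to the next maintainer, e.g. `# Domain shared by the JWT and CSRF cookies; None leaves them host-scoped`. set_access_cookies begins outside the hunk.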
@@ -97,6 +99,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
 max_age=config.cookie_max_age,
 secure=config.cookie_secure,
 httponly=True,
+ domain=config.cookie_domain,
 path=config.refresh_cookie_path)

 # If enabled, set the csrf double submit refresh cookie
@@ -106,6 +109,7 @@ def set_refresh_cookies(response, encoded_refresh_token):
 max_age=config.cookie_max_age,
 secure=config.cookie_secure,
 httponly=False,
+ domain=config.cookie_domain,
 path=config.refresh_csrf_cookie_path)


@@ -124,12 +128,14 @@ def unset_jwt_cookies(response):
 expires=0,
 secure=config.cookie_secure,
 httponly=True,
+ domain=config.cookie_domain,
 path=config.refresh_cookie_path)
 response.set_cookie(config.access_cookie_name,
 value='',
 expires=0,
 secure=config.cookie_secure,
 httponly=True,
+ domain=config.cookie_domain,
 path=config.access_cookie_path)

 if config.csrf_protect and config.csrf_in_cookies:
@@ -138,10 +144,12 @@ def unset_jwt_cookies(response):
 expires=0,
 secure=config.cookie_secure,
 httponly=False,
+ domain=config.cookie_domain,
 path=config.refresh_csrf_cookie_path)
 response.set_cookie(config.access_csrf_cookie_name,
 value='',
 expires=0,
 secure=config.cookie_secure,
 httponly=False,
+ domain=config.cookie_domain,
 path=config.access_csrf_cookie_path)

From 3565fc12f62b47c5b4dc0d52661a07f57a5c46a8 Mon Sep 17 00:00:00 2001
From: Francis Tseng
Date: Sat, 15 Apr 2017 00:41:31 -0400
Subject: [PATCH 2/2] set JWT_COOKIE_DOMAIN default in the manager

---
 flask_jwt_extended/config.py | 2 +-
 flask_jwt_extended/jwt_manager.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/flask_jwt_extended/config.py b/flask_jwt_extended/config.py
index fb7f127e..ab6c0c1c 100644
--- a/flask_jwt_extended/config.py
+++ b/flask_jwt_extended/config.py
@@ -67,7 +67,7 @@ def cookie_secure(self):

 @property
 def cookie_domain(self):
- return current_app.config.get('JWT_COOKIE_DOMAIN', None)
+ return current_app.config['JWT_COOKIE_DOMAIN']

 @property
 def session_cookie(self):
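Review bot: Passing `domain=config.cookie_domain` in the clearing `set_cookie` calls of unset_jwt_cookies is required because a browser only replaces a cookie whose name, domain and path all match, but it also means cookies issued before JWT_COOKIE_DOMAIN was set or changed keep their old Domain and are not removed by this logout helper; the two CSRF deletions in the @@ -138 hunk have the same property. A one-line comment above the first call would record that, `# Domain/path must match the values used when the cookie was set, or the browser keeps it`. unset_jwt_cookies starts outside the hunk.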
diff --git a/flask_jwt_extended/jwt_manager.py b/flask_jwt_extended/jwt_manager.py
index 3c1f7682..66fcb0b9 100644
--- a/flask_jwt_extended/jwt_manager.py
+++ b/flask_jwt_extended/jwt_manager.py
@@ -119,6 +119,7 @@ def _set_default_configuration_options(app):
 app.config.setdefault('JWT_ACCESS_COOKIE_PATH', '/')
 app.config.setdefault('JWT_REFRESH_COOKIE_PATH', '/')
 app.config.setdefault('JWT_COOKIE_SECURE', False)
+ app.config.setdefault('JWT_COOKIE_DOMAIN', None)
 app.config.setdefault('JWT_SESSION_COOKIE', True)

 # Options for using double submit csrf protection
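Review bot: `JWT_COOKIE_DOMAIN` is added to the defaults without documentation in either patch (both diffstats list only config.py, utils.py and jwt_manager.py), so this setdefault line is the only place a user can discover the option or its default. A short comment here, `# Domain attribute for the JWT and CSRF cookies; None omits it so the browser scopes them to the issuing host` (the None behaviour is presumably Werkzeug's set_cookie, confirm), plus an entry in the extension's options documentation, would close that gap. _set_default_configuration_options starts outside the hunk.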