* Add JWT_COOKIE_DOMAIN option, to control the cross-domain cookie setting for the underlying flask set_cookie call.
1.4.0
* Big refactoring of code behind the scenes. Shouldn't cause any breaking problems with existing applications * Depreciate JWT_CSRF_HEADER_NAME and add JWT_ACCESS_CSRF_HEADER_NAME and JWT_REFRESH_CSRF_HEADER_NAME (refs 37) * Add options to change the cookie paths for JWT_ACCESS_CSRF_COOKIE_NAME and JWT_REFRESH_CSRF_COOKIE_NAME via JWT_ACCESS_CSRF_COOKIE_PATH and JWT_ACCESS_CSRF_COOKIE_PATH (refs 33) * Add option to not store csrf double submit values in addition cookies via JWT_CSRF_IN_COOKIES and add get_csrf_token(encoded_token) method so you could grab the CSRF double submit values out of a created token, and return them another way (for example, in the resulting JSON of a request). (refs 33)
1.3.2
* Adds option to use expires cookies instead of session cookies (35) * Properly deletes csrf cookies in the unset_jwt_cookies method
1.3.1
* Raises helpful error messages when attempting to use cookie methods without this extension being configured to use cookies (ref 31)
1.3.0
- Preserve CSRF errors when using headers and cookies together - Allow only specified request types to need CSRF protection, when using cookies with CSRF protection enabled. Defaults to `['PUT', 'PATCH', 'POST, 'DELETE']`, and can be change with the `app.config['JWT_CSRF_METHODS']` option
1.2.1
- Fixes bug with using `user_identity_loader` with refresh tokens (27)