Open kostyachum opened 5 years ago
JWT is commonly put inside a cookie to prevent XSS attacks, hence the http only flag, otherwise you'd just put it in some other locations such as session/localStorage.
True, though it is not something that is forbidden or can't be done, just suggest extracting a few methods to make it easy to override.
After https://github.com/Tivix/django-rest-auth/pull/345/files was resolved the cookie became forced `http only` and there is no way to change it in a convenient way. Is it possible to add settings for it or a class attribute? Or maybe extract the `set_cookies` part into a dedicated method so it can be overridden gradually without `get_response`?
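The refactor requested above, sketched with only the Python standard library as an added example (not django-rest-auth code): the class names, attribute names, cookie name and token are hypothetical. It keeps `HttpOnly` as the default, isolates cookie-setting in one overridable method, and includes a check that reports whether a `Set-Cookie` value would be readable by page scripts.

```python
from http.cookies import SimpleCookie


class LoginResponder:
    """Hypothetical stand-in for a login view; not django-rest-auth code."""

    jwt_cookie_name = "jwt-auth"   # assumed cookie name
    jwt_cookie_httponly = True     # default: cookie hidden from page scripts
    jwt_cookie_secure = True       # only sent over HTTPS
    jwt_cookie_samesite = "Lax"

    def set_jwt_cookie(self, headers, token):
        """Cookie logic kept in one method so a subclass can replace only this step."""
        jar = SimpleCookie()
        jar[self.jwt_cookie_name] = token
        morsel = jar[self.jwt_cookie_name]
        morsel["path"] = "/"
        morsel["httponly"] = self.jwt_cookie_httponly
        morsel["secure"] = self.jwt_cookie_secure
        morsel["samesite"] = self.jwt_cookie_samesite
        headers.append(("Set-Cookie", morsel.OutputString()))

    def get_response(self, token):
        """Builds the response headers and delegates the cookie to set_jwt_cookie."""
        headers = [("Content-Type", "application/json")]
        self.set_jwt_cookie(headers, token)
        return headers


class ScriptReadableResponder(LoginResponder):
    """Opt-out through a class attribute, without touching get_response."""
    jwt_cookie_httponly = False


def script_readable(set_cookie_value):
    """True when the Set-Cookie value lacks HttpOnly, i.e. document.cookie can see it."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return "httponly" not in attrs


def cookie_header(responder, token="header.payload.signature"):
    """Returns the Set-Cookie value for a constructed placeholder token."""
    return dict(responder.get_response(token))["Set-Cookie"]


if __name__ == "__main__":
    for cls in (LoginResponder, ScriptReadableResponder):
        value = cookie_header(cls())
        print(cls.__name__, "->", value, "| script readable:", script_readable(value))
```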