pyramid_jwt icon indicating copy to clipboard operation
pyramid_jwt copied to clipboard

Published 20 hours ago verified publisher icon wichert

Fix https-only behaviour

Open tripsolutions opened this issue 3 years ago • 1 comments

Because set_jwt_authentication_policy's https_only parameter had a default value set to True the ini-file value was never being picked up. You would need to explicitly pass https_only=None to set_jwt_cookie_authentication_policy for the ini-file value to be considered. The ini-file value would also always be a string.

tripsolutions avatar Mar 02 '21 16:03 tripsolutions

I have rewritten this PR to perform the conversion using pyramid.settings.asbool in the authentication policy constructor, seems a more sensible approach that I've seen in PR #47. I've left this PR because PR #47 seems to have a bit of scope creep.

tripsolutions avatar Mar 03 '21 12:03 tripsolutions