-
-
Notifications
You must be signed in to change notification settings - Fork 806
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
config keys should be prefixed #696
Comments
I'm considering whether we should get rid of a lot of the |
In Flask-Security-Too - I have 2 config variables - one for the name, the other is a dict which is passed straight to response.set_cookie. Such as: |
Nowadays I'm moving to dicts as well, since |
Extensions should namespace any values they use in
app.config
andg
with their name (without the "Flask-" prefix). It's usually a good idea to set the default config ininit_app
as well and access them with[]
. This makes it easier to reason about what extension manages what config.Flask-Login currently uses the following keys:
USE_SESSION_FOR_NEXT
, defaultFalse
REMEMBER_COOKIE_NAME
, default"remember_token"
REMEMBER_COOKIE_DOMAIN
, defaultNone
REMEMBER_COOKIE_PATH
, default"/"
REMEMBER_COOKIE_SECURE
, defaultFalse
REMEMBER_COOKIE_HTTPONLY
, defaultTrue
REMEMBER_COOKIE_SAMESITE
, defaultNone
REMEMBER_COOKIE_DURATION
, defaulttimedelta(days=365)
, converts intREMEMBER_COOKIE_REFRESH_EACH_REQUEST
, defaultNone
, should probably beFalse
AUTH_HEADER_NAME
, default"Authorization"
, removed in 0.7 along withheader_loader
SESSION_PROTECTION
, defaultself.session_protection
, default"basic"
FORCE_HOST_FOR_REDIRECTS
, defaultNone
LOGIN_DISABLED
, defaultFalse
The text was updated successfully, but these errors were encountered: