- Preserve CSRF errors when using headers and cookies together - Allow only specified request types to need CSRF protection, when using cookies with CSRF protection enabled. Defaults to `['PUT', 'PATCH', 'POST, 'DELETE']`, and can be change with the `app.config['JWT_CSRF_METHODS']` option
1.2.1
- Fixes bug with using `user_identity_loader` with refresh tokens (27)
1.2.0
- Adds support for using JWTs in cookies and tokens at the same time (refs 26)
1.1.0
- Tested against python 3.6 - Adds ability to access full (raw) jwt in a protected endpoint (22)
1.0.3
- Better error messages when using a different header name than 'Authorization'
1.0.2
- Fix using alternative header names. There was an option for alternate header names before, but it was hard coded to look for JWTs under the default 'Authorization' header.