Added boolean conversion to setting "jwt.https_only_cookie"

src/pyramid_jwt/__init__.py

@@ -93,14 +93,15 @@ def set_jwt_cookie_authentication_policy(
     json_encoder=None,
     audience=None,
     cookie_name=None,
-    https_only=True,
+    https_only=None,
     reissue_time=None,
     cookie_path=None,
 ):
     settings = config.get_settings()
     cookie_name = cookie_name or settings.get("jwt.cookie_name")
     cookie_path = cookie_path or settings.get("jwt.cookie_path")
-    reissue_time = reissue_time or settings.get("jwt.cookie_reissue_time")
+    if reissue_time is None and "jwt.cookie_reissue_time" in settings:
+        reissue_time = int(settings.get("jwt.cookie_reissue_time"))
     if https_only is None:
         https_only = settings.get("jwt.https_only_cookie", True)
 

src/pyramid_jwt/policy.py

@@ -6,6 +6,7 @@
 
 import jwt
 from pyramid.renderers import JSON
+from pyramid.settings import asbool
 from webob.cookies import CookieProfile
 from zope.interface import implementer
 from pyramid.authentication import CallbackAuthenticationPolicy
@@ -187,7 +188,7 @@ def __init__(
             audience,
         )
 
-        self.https_only = https_only
+        self.https_only = asbool(https_only)
         self.cookie_name = cookie_name or "Authorization"
         self.max_age = self.expiration and self.expiration.total_seconds()
 
@@ -246,9 +247,12 @@ def remember(self, request, principal, **kw):
 
         return self._get_cookies(request, token, self.max_age, domains=domains)
 
-    def forget(self, request):
+    def forget(self, request, **kw):
         request._jwt_cookie_reissue_revoked = True
-        return self._get_cookies(request, None)
+
+        domains = kw.get("domains")
+
+        return self._get_cookies(request, None, domains=domains)
 
     def get_claims(self, request):
         profile = self.cookie_profile.bind(request)