I’m only setting access token in cookies. But I found CSRF_token also in cookies. I don’t understand why it’s happening and how it’s happening. Look my code:- Setting access token. cookies When I am using @jwt_requiured((locations=[‘cookies’],fresh=True) it returning Missing CSRF token. Here, I need to pass CSRF token through header. Does anyone know what is happening here ? and What