diff options
| author | Ran Benita <ran234@gmail.com> | 2019-04-01 12:29:10 +0300 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-04-08 11:26:06 +0200 |
| commit | 19fc6376ce67d01ca37a91ef2f55ef769f50513a (patch) | |
| tree | a40bb59e08bec7f9c6358d078a7e3157760b7993 /docs/ref | |
| parent | cef3f2d3c64055c9fc1757fd61dba24b557a2add (diff) | |
Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/settings.txt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 5c87aa5d24..ae7436696e 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -1766,6 +1766,21 @@ permanently (via the :setting:`LANGUAGE_COOKIE_NAME` setting) and to add a middleware that copies the value from the old cookie to a new one and then deletes the old one. +.. setting:: LANGUAGE_COOKIE_HTTPONLY + +``LANGUAGE_COOKIE_HTTPONLY`` +---------------------------- + +.. versionadded:: 3.0 + +Default: ``False`` + +Whether to use ``HttpOnly`` flag on the language cookie. If this is set to +``True``, client-side JavaScript will not to be able to access the language +cookie. + +See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``. + .. setting:: LANGUAGE_COOKIE_NAME ``LANGUAGE_COOKIE_NAME`` @@ -1800,6 +1815,33 @@ permanently (via the :setting:`LANGUAGE_COOKIE_NAME` setting), and to add a middleware that copies the value from the old cookie to a new one and then deletes the one. +.. setting:: LANGUAGE_COOKIE_SAMESITE + +``LANGUAGE_COOKIE_SAMESITE`` +---------------------------- + +.. versionadded:: 3.0 + +Default: ``None`` + +The value of the `SameSite`_ flag on the language cookie. This flag prevents the +cookie from being sent in cross-site requests. + +See :setting:`SESSION_COOKIE_SAMESITE` for details about ``SameSite``. + +.. setting:: LANGUAGE_COOKIE_SECURE + +``LANGUAGE_COOKIE_SECURE`` +-------------------------- + +.. versionadded:: 3.0 + +Default: ``False`` + +Whether to use a secure cookie for the language cookie. If this is set to +``True``, the cookie will be marked as "secure", which means browsers may +ensure that the cookie is only sent under an HTTPS connection. + .. setting:: LANGUAGES ``LANGUAGES`` @@ -3402,8 +3444,11 @@ Globalization (``i18n``/``l10n``) * :setting:`LANGUAGE_CODE` * :setting:`LANGUAGE_COOKIE_AGE` * :setting:`LANGUAGE_COOKIE_DOMAIN` +* :setting:`LANGUAGE_COOKIE_HTTPONLY` * :setting:`LANGUAGE_COOKIE_NAME` * :setting:`LANGUAGE_COOKIE_PATH` +* :setting:`LANGUAGE_COOKIE_SAMESITE` +* :setting:`LANGUAGE_COOKIE_SECURE` * :setting:`LANGUAGES` * :setting:`LANGUAGES_BIDI` * :setting:`LOCALE_PATHS` |
