diff options
| author | Jezeniel Zapanta <jezeniel.zapanta@gmail.com> | 2019-09-16 18:13:06 +0800 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-09-24 08:43:55 +0200 |
| commit | 9510af35fce9de740f76f04cb5216c42daa1b9f3 (patch) | |
| tree | 84369901f88d8736072bf9e9d4caee6b3b0a96dc /docs/ref | |
| parent | 2362f2726558dd0cc6e447878545dd3ddbd9b633 (diff) | |
[3.0.x] Fixed #30732 -- Doc'd that SameSite cookies flags can affect xframe_options_exempt.
Backport of e8ad265ac882f8f118d2c4a7618bd3e3916fc13e from master
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/clickjacking.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index c7cac17ca4..d7eec87923 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -88,6 +88,11 @@ that tells the middleware not to set the header:: def ok_to_load_in_a_frame(request): return HttpResponse("This page is safe to load in a frame on any site.") +.. note:: + + If you want to submit a form or access a session cookie within a frame or + iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or + :setting:`SESSION_COOKIE_SAMESITE` settings. Setting ``X-Frame-Options`` per view ------------------------------------ |
