summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt45
-rw-r--r--docs/releases/3.0.txt6
-rw-r--r--docs/topics/i18n/translation.txt3
3 files changed, 53 insertions, 1 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 5c87aa5d24..ae7436696e 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1766,6 +1766,21 @@ permanently (via the :setting:`LANGUAGE_COOKIE_NAME` setting) and to add
a middleware that copies the value from the old cookie to a new one and then
deletes the old one.
+.. setting:: LANGUAGE_COOKIE_HTTPONLY
+
+``LANGUAGE_COOKIE_HTTPONLY``
+----------------------------
+
+.. versionadded:: 3.0
+
+Default: ``False``
+
+Whether to use ``HttpOnly`` flag on the language cookie. If this is set to
+``True``, client-side JavaScript will not to be able to access the language
+cookie.
+
+See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``.
+
.. setting:: LANGUAGE_COOKIE_NAME
``LANGUAGE_COOKIE_NAME``
@@ -1800,6 +1815,33 @@ permanently (via the :setting:`LANGUAGE_COOKIE_NAME` setting), and to add
a middleware that copies the value from the old cookie to a new one and then
deletes the one.
+.. setting:: LANGUAGE_COOKIE_SAMESITE
+
+``LANGUAGE_COOKIE_SAMESITE``
+----------------------------
+
+.. versionadded:: 3.0
+
+Default: ``None``
+
+The value of the `SameSite`_ flag on the language cookie. This flag prevents the
+cookie from being sent in cross-site requests.
+
+See :setting:`SESSION_COOKIE_SAMESITE` for details about ``SameSite``.
+
+.. setting:: LANGUAGE_COOKIE_SECURE
+
+``LANGUAGE_COOKIE_SECURE``
+--------------------------
+
+.. versionadded:: 3.0
+
+Default: ``False``
+
+Whether to use a secure cookie for the language cookie. If this is set to
+``True``, the cookie will be marked as "secure", which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+
.. setting:: LANGUAGES
``LANGUAGES``
@@ -3402,8 +3444,11 @@ Globalization (``i18n``/``l10n``)
* :setting:`LANGUAGE_CODE`
* :setting:`LANGUAGE_COOKIE_AGE`
* :setting:`LANGUAGE_COOKIE_DOMAIN`
+* :setting:`LANGUAGE_COOKIE_HTTPONLY`
* :setting:`LANGUAGE_COOKIE_NAME`
* :setting:`LANGUAGE_COOKIE_PATH`
+* :setting:`LANGUAGE_COOKIE_SAMESITE`
+* :setting:`LANGUAGE_COOKIE_SECURE`
* :setting:`LANGUAGES`
* :setting:`LANGUAGES_BIDI`
* :setting:`LOCALE_PATHS`
diff --git a/docs/releases/3.0.txt b/docs/releases/3.0.txt
index 11257b70be..d7ad7a8cf7 100644
--- a/docs/releases/3.0.txt
+++ b/docs/releases/3.0.txt
@@ -153,7 +153,11 @@ Generic Views
Internationalization
~~~~~~~~~~~~~~~~~~~~
-* ...
+* Added the :setting:`LANGUAGE_COOKIE_HTTPONLY`,
+ :setting:`LANGUAGE_COOKIE_SAMESITE`, and :setting:`LANGUAGE_COOKIE_SECURE`
+ settings to set the ``HttpOnly``, ``SameSite``, and ``Secure`` flags on
+ language cookies. The default values of these settings preserve the previous
+ behavior.
Management Commands
~~~~~~~~~~~~~~~~~~~
diff --git a/docs/topics/i18n/translation.txt b/docs/topics/i18n/translation.txt
index 00338100f9..bafa4bdaf1 100644
--- a/docs/topics/i18n/translation.txt
+++ b/docs/topics/i18n/translation.txt
@@ -1896,7 +1896,10 @@ A number of settings can be used to adjust language cookie options:
* :setting:`LANGUAGE_COOKIE_NAME`
* :setting:`LANGUAGE_COOKIE_AGE`
* :setting:`LANGUAGE_COOKIE_DOMAIN`
+* :setting:`LANGUAGE_COOKIE_HTTPONLY`
* :setting:`LANGUAGE_COOKIE_PATH`
+* :setting:`LANGUAGE_COOKIE_SAMESITE`
+* :setting:`LANGUAGE_COOKIE_SECURE`
Implementation notes
====================