summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/clickjacking.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index c7cac17ca4..d7eec87923 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -88,6 +88,11 @@ that tells the middleware not to set the header::
def ok_to_load_in_a_frame(request):
return HttpResponse("This page is safe to load in a frame on any site.")
+.. note::
+
+ If you want to submit a form or access a session cookie within a frame or
+ iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or
+ :setting:`SESSION_COOKIE_SAMESITE` settings.
Setting ``X-Frame-Options`` per view
------------------------------------