| author | Hasan Ramezani <hasan.r67@gmail.com> | 2020-08-24 14:00:11 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-08-31 12:33:17 +0200 |
| commit | eda59ba2ec9cee3e11a938171fdc93ea058e9dc9 (patch) | |
| tree | 52f58e597a57bf262b25a58a07fa988f604eb4da | |
| parent | c4e5384e739a1f79fe9f7d78431e3b48fcb09f48 (diff) | |
[3.1.x] Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers.
Backport of 70731fc6feeb40eab535781e938b0e67ff0077ad from master
| -rw-r--r-- | docs/ref/settings.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index a4b4828a5a..263c281872 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -3261,6 +3261,11 @@ Possible values for the setting are: * ``False``: disables the flag. +.. note:: + + Modern browsers provide a more secure default policy for the ``SameSite`` + flag and will assume ``Lax`` for cookies without an explicit value set. + .. versionchanged:: 3.1 Setting ``SESSION_COOKIE_SAMESITE = 'None'`` was allowed. |
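Review bot: The added note, placed directly after the ``False`` bullet, never connects the two. The bullet still reads "disables the flag", while the note says browsers "will assume ``Lax`` for cookies without an explicit value set". A reader who sets ``False`` to opt out of SameSite restrictions may not realize that, in those browsers, the cookie is then treated as ``Lax`` rather than unrestricted. Consider saying so explicitly in the note or in the ``False`` bullet, and pointing to ``'None'`` (mentioned in the ``versionchanged`` block just below) as the value for anyone who needs cross-site sending. "Modern browsers" is also vague for reference documentation; naming the browsers or linking to a source would let readers check whether the default applies to their users.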
