Fixed #30732 -- Doc'd that SameSite cookies flags can affect xframe_options_exempt.

author: Jezeniel Zapanta <jezeniel.zapanta@gmail.com> 2019-09-16 18:13:06 +0800
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-09-23 15:09:37 +0200
commit: e8ad265ac882f8f118d2c4a7618bd3e3916fc13e (patch)
tree: d3b28afd74511f5ef8d15798ddd883d165658b8c /docs/ref/clickjacking.txt
parent: f97bbad908df128189eff77d98af9a25ed1ecf23 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index c7cac17ca4..d7eec87923 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -88,6 +88,11 @@ that tells the middleware not to set the header::
     def ok_to_load_in_a_frame(request):
         return HttpResponse("This page is safe to load in a frame on any site.")
 
+.. note::
+
+    If you want to submit a form or access a session cookie within a frame or
+    iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or
+    :setting:`SESSION_COOKIE_SAMESITE` settings.
 
 Setting ``X-Frame-Options`` per view
 ------------------------------------
author	Jezeniel Zapanta <jezeniel.zapanta@gmail.com>	2019-09-16 18:13:06 +0800
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-09-23 15:09:37 +0200
commit	e8ad265ac882f8f118d2c4a7618bd3e3916fc13e (patch)
tree	d3b28afd74511f5ef8d15798ddd883d165658b8c /docs/ref/clickjacking.txt
parent	f97bbad908df128189eff77d98af9a25ed1ecf23 (diff)