Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.

Thanks Florian Apolloner and Carlton Gibson for reviews.

1 files changed, 13 insertions, 3 deletions

diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt
index 7ae21330a6..2e15f62860 100644
--- a/docs/releases/3.1.txt
+++ b/docs/releases/3.1.txt
@@ -105,7 +105,9 @@ Minor features
 :mod:`django.contrib.sessions`
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-* ...
+* The :setting:`SESSION_COOKIE_SAMESITE` setting now allows ``'None'`` (string)
+  value to explicitly state that the cookie is sent with all same-site and
+  cross-site requests.
 
 :mod:`django.contrib.sitemaps`
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -141,7 +143,9 @@ Cache
 CSRF
 ~~~~
 
-* ...
+* The :setting:`CSRF_COOKIE_SAMESITE` setting now allows ``'None'`` (string)
+  value to explicitly state that the cookie is sent with all same-site and
+  cross-site requests.
 
 Email
 ~~~~~
@@ -173,7 +177,9 @@ Generic Views
 Internationalization
 ~~~~~~~~~~~~~~~~~~~~
 
-* ...
+* The :setting:`LANGUAGE_COOKIE_SAMESITE` setting now allows ``'None'``
+  (string) value to explicitly state that the cookie is sent with all same-site
+  and cross-site requests.
 
 Logging
 ~~~~~~~
@@ -232,6 +238,10 @@ Requests and Responses
 * If :setting:`ALLOWED_HOSTS` is empty and ``DEBUG=True``, subdomains of
   localhost are now allowed in the ``Host`` header, e.g. ``static.localhost``.
 
+* :meth:`.HttpResponse.set_cookie` and :meth:`.HttpResponse.set_signed_cookie`
+  now allow using ``samesite='None'`` (string) to explicitly state that the
+  cookie is sent with all same-site and cross-site requests.
+
 Serialization
 ~~~~~~~~~~~~~