From 62a4a5062fb12bebe87505f9ecd1484212d85795 Mon Sep 17 00:00:00 2001 From: Jezeniel Zapanta Date: Mon, 16 Sep 2019 18:13:06 +0800 Subject: [PATCH] [2.2.x] Fixed #30732 -- Doc'd that SameSite cookies flags can affect xframe_options_exempt. Backport of e8ad265ac882f8f118d2c4a7618bd3e3916fc13e from master --- docs/ref/clickjacking.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index 6fba3eaea8..f00f3c3628 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -84,6 +84,11 @@ that tells the middleware not to set the header:: def ok_to_load_in_a_frame(request): return HttpResponse("This page is safe to load in a frame on any site.") +.. note:: + + If you want to submit a form or access a session cookie within a frame or + iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or + :setting:`SESSION_COOKIE_SAMESITE` settings. Setting ``X-Frame-Options`` per view ------------------------------------
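Review bot: The added note tells readers they "may need to modify" CSRF_COOKIE_SAMESITE or SESSION_COOKIE_SAMESITE but not what to change them to or why, which is the part a reader who just applied xframe_options_exempt needs; suggest stating that a SameSite cookie attribute stops the browser from sending the cookie when the page is embedded by a different site, so only cross-site framing is affected, and that loosening the attribute gives up the cross-site request protection those settings provide, so the view still has to rely on the CSRF token. Consider also pointing to the two settings' reference entries so the accepted values are visible from here, and dropping "or iframe" from "within a frame or iframe" since it adds nothing.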