From 70731fc6feeb40eab535781e938b0e67ff0077ad Mon Sep 17 00:00:00 2001 From: Hasan Ramezani Date: Mon, 24 Aug 2020 14:00:11 +0200 Subject: [PATCH] Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers. --- docs/ref/settings.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index bf2d1ed6b08..9a2f1457ac9 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -3241,6 +3241,11 @@ Possible values for the setting are: * ``False``: disables the flag. +.. note:: + + Modern browsers provide a more secure default policy for the ``SameSite`` + flag and will assume ``Lax`` for cookies without an explicit value set. + .. versionchanged:: 3.1 Setting ``SESSION_COOKIE_SAMESITE = 'None'`` was allowed.