[3.1.x] Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers.

Backport of 70731fc6fe from master
2020-08-24 14:00:11 +02:00 · 2020-08-24 14:00:11 +02:00 · eda59ba2ec
parent c4e5384e73
commit eda59ba2ec
1 changed files with 5 additions and 0 deletions
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@ -3261,6 +3261,11 @@ Possible values for the setting are:

 * ``False``: disables the flag.

+.. note::
+
+    Modern browsers provide a more secure default policy for the ``SameSite``
+    flag and will assume ``Lax`` for cookies without an explicit value set.
+
 .. versionchanged:: 3.1

    Setting ``SESSION_COOKIE_SAMESITE = 'None'`` was allowed.