Fixed #31934 -- Added note about the default of SameSite cookie flag in modern browsers.

2020-08-24 14:00:11 +02:00 · 2020-08-24 14:00:11 +02:00 · 70731fc6fe
parent 179d9dc0c2
commit 70731fc6fe
1 changed files with 5 additions and 0 deletions
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@ -3241,6 +3241,11 @@ Possible values for the setting are:

 * ``False``: disables the flag.

+.. note::
+
+    Modern browsers provide a more secure default policy for the ``SameSite``
+    flag and will assume ``Lax`` for cookies without an explicit value set.
+
 .. versionchanged:: 3.1

    Setting ``SESSION_COOKIE_SAMESITE = 'None'`` was allowed.