1 file changed +6 -3 lines changed
@@ -148,9 +148,12 @@ Morsel Objects
148148 in HTTP requests, and is not accessible through JavaScript. This is intended
149149 to mitigate some forms of cross-site scripting.
150150
151- The attribute :attr: `samesite ` specifies that the browser is not allowed to
152- send the cookie along with cross-site requests. This helps to mitigate CSRF
153- attacks. Valid values for this attribute are "Strict" and "Lax".
151+ The attribute :attr: `samesite ` controls when the browser sends the cookie with
152+ cross-site requests. This helps to mitigate CSRF attacks. Valid values are
153+ "Strict" (never sent with cross-site requests), "Lax" (sent with top-level
154+ navigation), and "None" (always sent). When using "None", the "secure"
155+ attribute must also be set, as required by modern browsers per
156+ `RFC6265bis <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis >`_.
154157
155158 The attribute :attr: `partitioned ` indicates to user agents that these
156159 cross-site cookies *should * only be available in the same top-level context
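Review bot: in the added lines listing the valid values, the "Lax" parenthetical is imprecise and the "secure" sentence reads like a constraint the module enforces, although this change touches only the documentation. Lax cookies are sent on top-level navigations only when the request uses a safe method such as GET, so "(sent with top-level navigation)" should read "(sent only with top-level navigations that use a safe method)". Likewise, because it is browsers that discard a ``SameSite=None`` cookie lacking ``secure`` rather than this module rejecting the combination, the last sentence would be clearer as: "Browsers ignore a cookie with samesite "None" unless the "secure" attribute is also set; this module does not check for that combination."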