author jvoisin 2019-01-09 20:57:42 +0100
committer jvoisin 2019-01-09 20:57:42 +0100
commit 8eab3136a7e839bd132184601a816bcbe90f2f48 (patch)
tree bd89dd97406043eff60c9b4dbd9fae3b49e7838f /doc
parent cc72d0659cd7f591cce779a4afda775bb8518242 (diff)
Add a note about PHP7.3+ SameSite support
Diffstat (limited to 'doc')
-rw-r--r-- doc/source/cookies.rst 5
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/source/cookies.rst b/doc/source/cookies.rst
index 856927d..9398d39 100644
--- a/doc/source/cookies.rst
+++ b/doc/source/cookies.rst
@@ -25,11 +25,12 @@ It can either be ``enabled`` or ``disabled``.
25cookie_samesite 25cookie_samesite
26""""""""""""""" 26"""""""""""""""
27 27
28:ref:`samesite <samesite-feature>`, disabled by default, will add the `samesite 28:ref:`samesite <samesite-feature>`, disabled by default, adds the `samesite
29<https://tools.ietf.org/html/draft-west-first-party-cookies-07>`_ attribute to 29<https://tools.ietf.org/html/draft-west-first-party-cookies-07>`_ attribute to
30cookies. It `prevents CSRF <https://www.owasp.org/index.php/SameSite>`_ but is 30cookies. It `prevents CSRF <https://www.owasp.org/index.php/SameSite>`_ but is
31not implemented by `all web browsers <https://caniuse.com/#search=samesite>`_ 31not implemented by `all web browsers <https://caniuse.com/#search=samesite>`_
32yet. 32yet. Note that this is orthogonal to `PHP7.3+ SameSite support
33<https://wiki.php.net/rfc/same-site-cookie>`__.
33 34
34It can either be set to ``strict`` or ``lax``: 35It can either be set to ``strict`` or ``lax``:
35 36
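Review bot: "orthogonal" in the added sentence (new lines 32-33) does not tell the reader what to do. It leaves open whether ``cookie_samesite`` is still worth enabling on PHP 7.3+, and what a cookie ends up with when both this setting and PHP's own SameSite option apply to it. Suggest replacing the word with a sentence that states the interaction explicitly. Two style points on the same lines: the new link ends in a double underscore (`__`) while the three existing links in this paragraph end in a single `_`, and "PHP7.3+" would read better as "PHP 7.3+".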