diff options
| -rw-r--r-- | doc/source/cookies.rst | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/source/cookies.rst b/doc/source/cookies.rst index 856927d..9398d39 100644 --- a/doc/source/cookies.rst +++ b/doc/source/cookies.rst | |||
| @@ -25,11 +25,12 @@ It can either be ``enabled`` or ``disabled``. | |||
| 25 | cookie_samesite | 25 | cookie_samesite |
| 26 | """"""""""""""" | 26 | """"""""""""""" |
| 27 | 27 | ||
| 28 | :ref:`samesite <samesite-feature>`, disabled by default, will add the `samesite | 28 | :ref:`samesite <samesite-feature>`, disabled by default, adds the `samesite |
| 29 | <https://tools.ietf.org/html/draft-west-first-party-cookies-07>`_ attribute to | 29 | <https://tools.ietf.org/html/draft-west-first-party-cookies-07>`_ attribute to |
| 30 | cookies. It `prevents CSRF <https://www.owasp.org/index.php/SameSite>`_ but is | 30 | cookies. It `prevents CSRF <https://www.owasp.org/index.php/SameSite>`_ but is |
| 31 | not implemented by `all web browsers <https://caniuse.com/#search=samesite>`_ | 31 | not implemented by `all web browsers <https://caniuse.com/#search=samesite>`_ |
| 32 | yet. | 32 | yet. Note that this is orthogonal to `PHP7.3+ SameSite support |
| 33 | <https://wiki.php.net/rfc/same-site-cookie>`__. | ||
| 33 | 34 | ||
| 34 | It can either be set to ``strict`` or ``lax``: | 35 | It can either be set to ``strict`` or ``lax``: |
| 35 | 36 | ||