Diffstat (limited to 'Doc/library/http.cookies.rst')
-rw-r--r-- | Doc/library/http.cookies.rst | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index fb8317a..f3457a0 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -137,11 +137,16 @@ Morsel Objects * ``secure`` * ``version`` * ``httponly`` + * ``samesite`` The attribute :attr:`httponly` specifies that the cookie is only transferred in HTTP requests, and is not accessible through JavaScript. This is intended to mitigate some forms of cross-site scripting. + The attribute :attr:`samesite` specifies that the browser is not allowed to + send the cookie along with cross-site requests. This helps to mitigate CSRF + attacks. Valid values for this attribute are "Strict" and "Lax". + The keys are case-insensitive and their default value is ``''``. .. versionchanged:: 3.5 @@ -153,6 +158,9 @@ Morsel Objects :attr:`~Morsel.coded_value` are read-only. Use :meth:`~Morsel.set` for setting them. + .. versionchanged:: 3.8 + Added support for the :attr:`samesite` attribute. + .. attribute:: Morsel.value |
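Review bot: In the first hunk (@@ -137,11 +137,16 @@), the added ``samesite`` paragraph says the browser "is not allowed to send the cookie along with cross-site requests", which is accurate for "Strict" but not for "Lax": with "Lax" the cookie is still sent on top-level cross-site navigations that use a safe method such as GET. As written, a reader could pick "Lax" and assume full CSRF coverage. Suggest describing the two values separately, for example one sentence each for what "Strict" withholds and what "Lax" still permits. The two values would also read better in literal markup (``Strict``, ``Lax``) to match the ``''`` default shown on the next context line, and since that default is the empty string it is worth stating that the attribute is omitted from the header unless it is set explicitly.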
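Review bot: In the second hunk (@@ -153,6 +158,9 @@), the new ``versionchanged:: 3.8`` entry refers to :attr:`samesite`, but the first hunk documents ``samesite`` as a reserved key of the morsel (listed next to ``httponly`` and described under "The keys are case-insensitive"), not as an attribute of the class like :attr:`~Morsel.coded_value` in the context line just above. Suggest wording the entry so it says what was added and where, for example "Added ``samesite`` to the reserved keys", so the note cannot be read as introducing a ``Morsel.samesite`` attribute.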