[3.0.x] Fixed #30732 -- Doc'd that SameSite cookies flags can affect …

…xframe_options_exempt. Backport of e8ad265 from master
django · Sep 24, 2019 · 9510af3 · 9510af3
1 parent 2362f27
commit 9510af3
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
@@ -88,6 +88,11 @@ that tells the middleware not to set the header::
     def ok_to_load_in_a_frame(request):
         return HttpResponse("This page is safe to load in a frame on any site.")
 
+.. note::
+
+    If you want to submit a form or access a session cookie within a frame or
+    iframe, you may need to modify the :setting:`CSRF_COOKIE_SAMESITE` or
+    :setting:`SESSION_COOKIE_SAMESITE` settings.
 
 Setting ``X-Frame-Options`` per view
 ------------------------------------