]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cfd6da8) | patch
gh-136992: Add "None" as valid `SameSite` value as per RFC 6265bis (#137040)
authorIqra Khan <iqraakhan2519@gmail.com>
Sun, 27 Jul 2025 08:27:08 +0000 (13:57 +0530)
committerGitHub <noreply@github.com>
Sun, 27 Jul 2025 08:27:08 +0000 (10:27 +0200)
commitae8b7d710020dfd336edd399fa35525dfe8fc049
tree99061517d8c8833b5c0c8130297cfc56e478a853tree | snapshot
parentcfd6da849a3c40904cddd23ae1700605877673fbcommit | diff
gh-136992: Add "None" as valid `SameSite` value as per RFC 6265bis (#137040)

The "SameSite" attribute defined in RFC 6265bis [1] allows the "Strict", "Lax" and "None"
enforcement modes. We already documented "Strict" and "Lax" as being valid values
but "None" was missing from the list. While the RFC has not been formally approved,
modern browsers support the "None" value [2, 3] thereby making sense to document it.

[1]: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis
[2]: https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure
[3]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#none

---------

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Doc/library/http.cookies.rst diff | blob | blame | history
Mirror of https://github.com/python/cpython.git