aboutsummaryrefslogtreecommitdiffstats
path: root/doc/src/manual
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2020-10-20 13:35:19 +0200
committerLoïc Hoguin <[email protected]>2020-10-20 13:35:19 +0200
commitbe9e57032f95fe8a2d8403ca792345770cdaa8b1 (patch)
treeafe44780b7fe3043b25aeeebeea253b4ef0d3b41 /doc/src/manual
parent9fbd41b77b0d947fb653f24ddee9f52c389f8122 (diff)
downloadcowlib-be9e57032f95fe8a2d8403ca792345770cdaa8b1.tar.gz
cowlib-be9e57032f95fe8a2d8403ca792345770cdaa8b1.tar.bz2
cowlib-be9e57032f95fe8a2d8403ca792345770cdaa8b1.zip
Document the same_site changes
And explain that browsers may be more strict over TCP vs TLS.
Diffstat (limited to 'doc/src/manual')
-rw-r--r--doc/src/manual/cow_cookie.asciidoc12
1 files changed, 9 insertions, 3 deletions
diff --git a/doc/src/manual/cow_cookie.asciidoc b/doc/src/manual/cow_cookie.asciidoc
index 257d01e..0bde0ed 100644
--- a/doc/src/manual/cow_cookie.asciidoc
+++ b/doc/src/manual/cow_cookie.asciidoc
@@ -29,7 +29,7 @@ cookie_attrs() :: #{
path => binary(),
secure => true,
http_only => true,
- same_site => strict | lax
+ same_site => strict | lax | none
}
----
@@ -48,7 +48,7 @@ cookie_opts() :: #{
http_only => boolean(),
max_age => non_neg_integer(),
path => binary(),
- same_site => lax | strict,
+ same_site => strict | lax | none,
secure => boolean()
}
----
@@ -83,10 +83,14 @@ be sent to the current "directory" of the effective request URI.
same_site::
Whether the cookie should be sent along with cross-site
-requests. This header is currently non-standard but is in
+requests. This attribute is currently non-standard but is in
the process of being standardized. Please refer to the
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7[RFC 6265 (bis) draft]
for details.
++
+The default value for this attribute may vary depending on
+user agent and configuration. Browsers are known to be more
+strict over TCP compared to TLS.
secure::
@@ -97,6 +101,8 @@ transfer. By default there are no restrictions.
== Changelog
+* *2.10*: The `same_site` attribute and option may now be
+ set to `none`.
* *2.9*: The `cookie_attrs` type was added.
* *1.0*: Module introduced.