Documented SameSite

And suggestions by members.
python · akash0x53 · Feb 21, 2017 · Feb 21, 2017 · Feb 21, 2017 · Feb 21, 2017
commit c8bc13550876e899d0c1e043062841b717020e22
diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst
@@ -137,11 +137,16 @@ Morsel Objects
    * ``secure``
    * ``version``
    * ``httponly``
+   * ``samesite``
 
    The attribute :attr:`httponly` specifies that the cookie is only transferred
    in HTTP requests, and is not accessible through JavaScript. This is intended
    to mitigate some forms of cross-site scripting.
 
+   The attribute:attr:`samesite` specifies that browser is not allowed to send the
+   cookie along with cross-site requests. This help to mitigate CSRF attacks. Valid
+   values for this attribute are "Strict" and "Lax".
+
    The keys are case-insensitive and their default value is ``''``.
 
    .. versionchanged:: 3.5

diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
@@ -281,7 +281,7 @@ class Morsel(dict):
         "secure"   : "Secure",
         "httponly" : "HttpOnly",
         "version"  : "Version",
-        "samesite" : "SameSite"
+        "samesite" : "SameSite",
     }
 
     _flags = {'secure', 'httponly'}