From 14e690ae5a6d4ddeb1ac021f78e2e6e333214ef8 Mon Sep 17 00:00:00 2001 From: Osaetin Daniel Date: Wed, 11 Dec 2019 10:57:13 +0100 Subject: [PATCH] Doc'd HttpResponse.set_cookie()'s secure argument. --- docs/ref/request-response.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index eada9394bd..e095787363 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -819,6 +819,8 @@ Methods ``domain="example.com"`` will set a cookie that is readable by the domains www.example.com, blog.example.com, etc. Otherwise, a cookie will only be readable by the domain that set it. + * Use ``secure=True`` if you want the cookie to be only sent to the server + when a request is made with the ``https`` scheme. * Use ``httponly=True`` if you want to prevent client-side JavaScript from having access to the cookie.