Add note to SameSite cookie docs section recommending upgrade to Django >= 3.1 (#267)

m6312 · mrumble · web-flow · commit 1c888210b05c · 2021-04-28T19:55:58.000+02:00
* Add note to SameSite cookie docs section recommending upgrade to Django &gt;= 3.1

* Fix wrong word

Co-authored-by: mrumble &lt;matt.rumble@linguamatics.com&gt;
diff --git a/docs/source/contents/setup.rst b/docs/source/contents/setup.rst
@@ -70,6 +70,13 @@ You can even configure the SAML cookie name as follows::
 
   SAML_SESSION_COOKIE_NAME = 'saml_session'
 
+.. Note::
+
+  djangosaml2 will attempt to set the ``SameSite`` attribute of the SAML session cookie to ``None`` so that it can be
+  used in cross-site requests, but this is only possible with Django 3.1 or higher. If you are experiencing issues with
+  unsolicited requests or cookies not being sent (particularly when using the HTTP-POST binding), consider upgrading
+  to Django 3.1 or higher.
+
 Authentication backend
 ======================
 
