[3.0.x] Doc'd HttpResponse.set_cookie()'s secure argument.

Backport of 14e690ae5a6d4ddeb1ac021f78e2e6e333214ef8 from master
2019-12-11 10:57:13 +01:00 · 2019-12-11 10:57:13 +01:00 · 33d2cda672
commit 33d2cda672
parent 3ab7de0182
1 changed files with 2 additions and 0 deletions
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@ -821,6 +821,8 @@ Methods
      ``domain="example.com"`` will set a cookie that is readable by the
      domains www.example.com, blog.example.com, etc. Otherwise, a cookie will
      only be readable by the domain that set it.
+    * Use ``secure=True`` if you want the cookie to be only sent to the server
+      when a request is made with the ``https`` scheme.
    * Use ``httponly=True`` if you want to prevent client-side
      JavaScript from having access to the cookie.