The documentation for enabling and configuring cross-site scripting settings has been updated to clarify the definitions of the Samesite settings Lax, Strict and None:
https://docs.pega.com/security/88/enabling-and-configuring-cross-site-request-forgery-settings
None – If you select this option, Pega Platform offers no protection. The browser attaches the cookies in all cross-site browsing contexts.
Lax – If you select this option, Pega Platform provides a reasonable balance between security and usability for websites that want to maintain logged-in sessions after users arrive from an external link. The browser does not send cookies in requests from non-originating sites.
Strict – If you select this option, Pega Platform prevents the browser
Resolved in Product Version
SR/INC
205525
Issue
699064
Product Capability