diff --git a/manual/config/seahub_settings_py.md b/manual/config/seahub_settings_py.md
index c8cc018f..69034f19 100644
--- a/manual/config/seahub_settings_py.md
+++ b/manual/config/seahub_settings_py.md
@@ -19,6 +19,16 @@ Refer to ["add memcached"](../deploy/add_memcached.md).
 # Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
 ALLOWED_HOSTS = ['.myseafile.com']
 
+
+# Whether to use a secure cookie for the CSRF cookie
+# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
+CSRF_COOKIE_SECURE = True
+
+# The value of the SameSite flag on the CSRF cookie
+# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
+CSRF_COOKIE_SAMESITE = 'Strict'
+
+
 ```
 
 ## User management options