README.md in angular_rails_csrf-4.1.0 vs README.md in angular_rails_csrf-4.2.0

- old
+ new

@@ -64,9 +64,23 @@ end ``` `angular_rails_csrf_secure` defaults to `false`. +### SameSite + +The SameSite attribute defaults to `:lax`. You can override this in the config: + +```ruby +# application.rb +class Application < Rails::Application + #... + config.angular_rails_csrf_same_site = :strict +end +``` + +**NOTE**: When using `config.angular_rails_csrf_same_site = :none`, this gem automatically sets the cookie to `Secure` (`config.angular_rails_csrf_secure = true`) to comply with [the specifications](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00). + ### Exclusions Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)): ```ruby
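Review bot: In the NOTE at the end of the new SameSite section, the parenthetical `(config.angular_rails_csrf_secure = true)` leaves it unclear whether `:none` overrides an explicit `config.angular_rails_csrf_secure = false` or whether the reader is expected to set that option themselves. State which one applies, for example by saying that the cookie is sent with `Secure` regardless of the `angular_rails_csrf_secure` setting, if that is the behaviour. The section mentions `:lax`, `:strict` and `:none` only in passing, so listing the accepted values next to the default in the opening sentence would help. Since a `Secure` cookie is not sent over plain HTTP, a sentence on what `:none` means for non-HTTPS development setups is also worth adding.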