我客户的网站在 Chrome 中收到这些 SameSite cookie 警告。我已经搜索遍了,但无法让警告消失。这些 cookie 是由 WordPress 网站上的 Google 广告转化跟踪产生的。出于兼容性原因,该站点位于由运行 PHP 7.1 的 DreamHost 托管的 Apache/2.4.7 (Ubuntu) 上。在我的 .htaccess 文件中,我尝试添加:
Header always edit Set-Cookie (.*) "$1; SameSite=None"
我尝试过
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
...我尝试过
Header always edit Set-Cookie (.*) "$1; SameSite=None;Secure"
以及许多其他组合,包括 SameSite=Lax
一份指南建议使用 PHP 7.2 及以下版本:
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');
但这给了我一个500 Internal Server Erorr
。
但是我仍然收到以下三个错误:
A cookie associated with a cross-site resource at was set without the
SameSite
attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=None
andSecure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .(index):1 A cookie associated with a resource at http://doubleclick.net/ was set with
SameSite=None
but withoutSecure
. A future release of Chrome will only deliver cookies markedSameSite=None
if they are also markedSecure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.(index):1 A cookie associated with a resource at http://google.com/ was set with
SameSite=None
but withoutSecure
. A future release of Chrome will only deliver cookies markedSameSite=None
if they are also markedSecure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
在我的研究中,有关警告的信息似乎有限,并且在可用的指南中,我不确定是否必须按名称识别 cookie 或如何在源头修复 cookie/ header 。
最佳答案
我发布 similar question on their github page 后收到了 Google Chrome 实验室的回复.
The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.
If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes. -rowan-m
关于php - 如何解决 Apache 2.4 和 PHP 7.1 上 Chrome 中的跨站点 Google Analytics cookie `SameSite=None` 警告?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58363553/