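javascript - SameSite warning Chrome 77

Tags: javascript google-chrome cookies samesite

Since the last update, I have been getting cookie errors related to the SameSite attribute.

The cookies are from third-party developers (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts, etc.)

The errors in the Chrome console look like this.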

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

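Do I need to do anything on my local machine or server, or is this just something they should implement in future versions of their libraries?

Best answer

This console warning is not an error or an actual problem - Chrome is just spreading the word about this new standard to increase developer adoption.

It has nothing to do with your code. It is something their web servers will have to support.

The release date for a fix is February 4, 2020, per: https://www.chromium.org/updates/same-site

February 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President's Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts.

For the full Chrome release schedule, see here.

I solved the same problem by adding a response header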

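// COOKIE_NAME=COOKIE_VALUE is a placeholder: Set-Cookie needs a name=value pair before its attributes
response.setHeader("Set-Cookie", "COOKIE_NAME=COOKIE_VALUE; HttpOnly; Secure; SameSite=Strict");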

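SameSite prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are Lax or Strict.

SameSite cookies explained here

Please refer to this before applying any option.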
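
Added example, not part of the question or of either answer: a small JavaScript model of the two Chrome 80 rules named in the warning and in the chromium.org quote (SameSite-by-default and SameSite=None-requires-Secure), run over constructed Set-Cookie values. The function names, verdict labels and sample cookies are assumptions made for illustration.

```javascript
// Added example. The Set-Cookie values in SAMPLES are constructed.

// Split a Set-Cookie value into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : first.slice(0, eq).trim(),
    value: eq === -1 ? first : first.slice(eq + 1).trim(),
    attrs: {},
  };
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? '' : part.slice(i + 1).trim();
  }
  return cookie;
}

// How a browser enforcing SameSite-by-default and
// SameSite=None-requires-Secure treats the cookie on cross-site requests.
function crossSiteVerdict(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = (attrs.samesite || '').toLowerCase();
  const secure = attrs.secure !== undefined;
  if (sameSite === 'none') {
    // None opts in to cross-site delivery, but only together with Secure.
    return secure ? 'sent-cross-site' : 'rejected';
  }
  if (sameSite === 'strict') return 'same-site-only';
  if (sameSite === 'lax') return 'lax';
  // Missing or unrecognised value: handled as Lax by default.
  return 'lax-by-default';
}

const SAMPLES = [
  'sid=abc123; Path=/; HttpOnly',                  // legacy cookie, no SameSite
  'widget=1; SameSite=None',                       // None without Secure
  'widget=1; SameSite=None; Secure',               // valid third-party cookie
  'sid=abc123; HttpOnly; Secure; SameSite=Strict', // first-party session cookie
];

for (const header of SAMPLES) {
  console.log(crossSiteVerdict(header).padEnd(16), header);
}
```

Cookies classified as `lax` or `lax-by-default` are still sent on top-level navigations to the site, but not on cross-site subresource requests such as embedded scripts, images or iframes.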

Regarding javascript - SameSite warning Chrome 77, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58270663/
