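javascript - SameSite warning in Chrome 77
Problem description
Since the last update, I have been getting cookie errors related to the SameSite attribute.
The cookies come from third-party developers (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts, etc.).
The errors in the Chrome console look like this.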
A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
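Do I need to do something on my local machine or server, or is this just something they should implement in future versions of their libraries?
Solution
This console warning is not an error or an actual problem; Chrome is just publicising this new standard to increase developer adoption.
It has nothing to do with your code. It is something their web servers will have to support.
The release date for the fix is February 4, 2020: https://www.chromium.org/updates/same-site
February 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President's Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts.
For the full Chrome release schedule, see here.
I solved the same problem by adding a response header: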
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
SameSite
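Prevents the browser from sending the cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. Possible values for the flag are Lax or Strict.
SameSite cookies are explained here
Please refer to this before applying any option.
Hope this helps.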
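The two Chrome 80 behaviors quoted in the first answer (SameSite-by-default and SameSite=None-requires-Secure), as an added example that is not part of the original question or answers: a small Node.js checker that classifies `Set-Cookie` header strings the way those rules describe. The function names and the sample cookies are constructed for illustration.

```javascript
// Added example (not from the original thread). Sample cookies are constructed.
// Parses one Set-Cookie header string into the attributes the rules depend on.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [rawKey, rawVal = ""] = attr.split("=");
    const key = rawKey.trim().toLowerCase();
    const val = rawVal.trim().toLowerCase();
    if (key === "secure") cookie.secure = true;
    // An absent or unrecognised SameSite value leaves sameSite as null.
    if (key === "samesite" && ["strict", "lax", "none"].includes(val)) cookie.sameSite = val;
  }
  return cookie;
}

// Applies the two Chrome 80 rules and reports whether the cookie is stored
// and whether it accompanies cross-site subresource requests (scripts, fonts, XHR).
function classify(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === "none" && !c.secure) {
    return { name: c.name, stored: false, crossSite: false, rule: "SameSite=None requires Secure" };
  }
  if (c.sameSite === "none") {
    return { name: c.name, stored: true, crossSite: true, rule: "explicit SameSite=None; Secure" };
  }
  if (c.sameSite === null) {
    return { name: c.name, stored: true, crossSite: false, rule: "SameSite unset: treated as Lax" };
  }
  return { name: c.name, stored: true, crossSite: false, rule: "SameSite=" + c.sameSite };
}

// Constructed sample headers, one per case.
const samples = [
  "widget_id=abc123; Path=/",
  "widget_id=abc123; Path=/; SameSite=None",
  "widget_id=abc123; Path=/; SameSite=None; Secure",
  "session=xyz; Path=/; HttpOnly; Secure; SameSite=Strict",
];
for (const h of samples) console.log(h, "->", JSON.stringify(classify(h)));
```

Only the third sample keeps working as a third-party cookie; the first is the case the console warning in the question is about.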