问答博客资讯标签用户活动
logo极客观点logo项目管理logoHarmonyOS
javascript
前端
python
node.js
react
vue.js
php
laravel
go
人工智能
mysql
linux
ios
java
android
css
typescript
spring
程序员
logoONES 研发管理logo思否企业问答logo安谋科技 XPU

SameSite 警告 Chrome 77

社区维基
1
新手上路,请多包涵

自上次更新以来,我遇到了与 SameSite 属性相关的 cookie 错误。

cookie 来自第三方开发者(Fontawesome、jQuery、Google Analytics、Google reCaptcha、Google Fonts 等)

Chrome 控制台中的错误是这样的。

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

我需要在我的本地机器或服务器上做些什么,或者只是他们应该在未来版本的库中实现的一些功能?

原文由 peiblox 发布,翻译遵循 CC BY-SA 4.0 许可协议

Stack Overflow 翻译javascriptgoogle-chromecookiessamesite
阅读 1k
2 个回答
得票最新
社区维基
1
✓ 已被采纳

这个控制台警告不是错误或实际问题——Chrome 只是在宣传这个新标准以提高开发人员的采用率。

它与您的代码无关。这是 他们的网络服务器 必须支持的东西。

修复程序的发布日期为 2020 年 2 月 4 日:

https://www.chromium.org/updates/same-site

2020 年 2 月: Chrome 80 Stable 的强制推出:SameSite-by-default 和 SameSite=None-requires-Secure 行为将从 2020 年 2 月 17 日 那一周开始针对初始有限的人群推出到 Chrome 80 Stable,不包括周一是美国总统日假期。我们将通过逐渐增加的推广,从最初的有限阶段密切监测和评估生态系统的影响。

有关完整的 Chrome 发布时间表, 请参见此处

我通过添加响应标头解决了同样的问题

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

SameSite 阻止浏览器将 cookie 与跨站点请求一起发送。主要目标是降低跨域信息泄露的风险。它还提供了一些针对跨站点请求伪造攻击的保护。该标志的可能值为 Lax 或 Strict。

SameSite cookie 在这里 解释

请在应用任何选项之前参考 内容。

希望这对您有所帮助。

原文由 Rahul Mahadik 发布,翻译遵循 CC BY-SA 4.0 许可协议

社区维基
1

更新 - 2021 年 6 月

#same-site-by-default 的 chrome 标志作为 Chrome 91 从 Chrome 实验面板中删除。

在 Chrome 94 之前,该标志仍然可以通过启动选项使用。

对于 macos,使用标志启动的终端命令是:

 // Chrome
open -n -a Google\ Chrome --args --disable-features=SameSiteByDefaultCookies

// Chrome Canary
open -n -a Google\ Chrome\ Canary --args --disable-features=SameSiteByDefaultCookies

更多信息:

2021 年 3 月 18 日:从 Chrome 91 开始,#same-site-by-default-cookies 和 #cookies-without-same-site-must-be-secure 标志已从 chrome://flags 中删除,因为行为是现在默认启用。在 Chrome 94 中,命令行标志 –disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure 将被删除。资料来源: Chromium SameSite 更新页面

原始答案 - 2020 年 3 月

如果您在本地主机上进行测试并且您无法控制响应标头,则可以使用 chrome 标志禁用它。

访问 url 并禁用它:chrome://flags/#same-site-by-default-cookies 默认情况下 SameSite cookie 屏幕截图

我需要禁用它,因为 Chrome Canary 从大约 V 82.0.4078.2 开始强制执行此规则,现在它没有设置这些 cookie。

注意:我只在用于开发的 Chrome Canary 中打开此标志。出于与谷歌引入它相同的原因,最好不要为日常 Chrome 浏览打开该标志。

原文由 Will 发布,翻译遵循 CC BY-SA 4.0 许可协议

撰写回答
你尚未登录,登录后可以
  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进
推荐问题