gpt4 book ai didi

google-chrome - 在哪里添加 `SameSite=None`?

转载 作者:行者123 更新时间:2023-12-03 15:01:21 30 4
gpt4 key购买 nike

我的网站上发生了以下代码,并且我尽力做到了这一点,所以我有几个问题,请阅读。category-search-Forum:1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.我已经看到很多人在堆栈和其他在线位置上谈论此问题,但是没有人确切解释如何添加SameSite=None
1问题:如何或在何处添加SameSite=None
并查看错误,什么是“安全”
这是SameSite=Secure吗?SameSite=NoneSameSite=Secure有什么区别?

最佳答案

如此处所述:https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
这实际上是服务器端的问题。它的全部意思是,您正在使用来自另一个站点(通常是JS或CSS)的资源,并且该服务器正在尝试设置cookie。但是,它没有设置SameSite属性。
这样做是由于以下原因:

Today, if a cookie is only intended to be accessed in a first party context, the developer has the option to apply one of two settings (SameSite=Lax or SameSite=Strict) to prevent external access. However, very few developers follow this recommended practice, leaving a large number of same-site cookies needlessly exposed to threats such as Cross-Site Request Forgery attacks.

To safeguard more websites and their users, the new secure-by-default model assumes all cookies should be protected from external access unless otherwise specified. Developers must use a new cookie setting, SameSite=None, to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute must be used so cross-site cookies can only be accessed over HTTPS connections. This won’t mitigate all risks associated with cross-site access but it will provide protection against network attacks.

Beyond the immediate security benefits, the explicit declaration of cross-site cookies enables greater transparency and user choice. For example, browsers could offer users fine-grained controls to manage cookies that are only accessed by a single site separately from cookies accessed across multiple sites.


由于您的帖子没有定义您是在服务器端还是客户端,我的假设是您正在客户端,因此,您无能为力,因为该资源需要更新。但是,如果您要进行服务器端开发,则以下是各种语言的资源列表: https://github.com/GoogleChromeLabs/samesite-examples
TLDR;如果您是客户端开发人员,则这是因为链接的资源没有此设置,因此您无能为力。如果您是服务器端开发人员,请查看github链接,以获取有关如何为您的网站修复此问题的示例。
编辑:如果您只是想摆脱消息,请在此处讨论解决方案: Chrome Console SameSite Cookie Attribute Warning,您可以在其中通过 chrome://flags Cookie Deprecation messages disabled禁用它们。

关于google-chrome - 在哪里添加 `SameSite=None`?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60822936/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com