
Session cookie set with `SameSite=None; Secure;` does not work

Updated: 2023-11-30 23:38:10


My question is: why, when I use Secure, does only the Chrome browser block the cookie, while it works in other browsers?


I am not sure about other browsers, but Chrome implements a strategy of allowing cookies with the Secure attribute over a secure connection, as per this IETF draft.


While this draft is implemented in Chrome, it is not in Firefox, which is why if you go to about:config > network.cookie.sameSite.noneRequiresSecure in Firefox, the default value is false.


If you just need to do it for your local dev environment, you can retain the old behavior for cookies in Chrome by disabling:

  1. chrome://flags/#same-site-by-default-cookies
  2. chrome://flags/#cookies-without-same-site-must-be-secure


I have to support legacy HTTP clients, but if I make the https:// origin Secure, I can't set the cookie from HTTP; moreover, I can't access this cookie from HTTP. My goal is to have SameSite=None; Secure on http and not Secure on the http:// origin. Any ideas, instead of staging protests near the Google office?


Given that it is going to be the standard in the near future, I doubt you will be able to achieve this behavior for client applications; the only route is to go secure, HTTPS.

References:

  1. https://web.dev/samesite-cookies-explained/#changes-to-default-behavior-with-samesite
  2. https://redmondmag.com/article/2020/01/28/samesite-cookie-changes-break-apps.aspx
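The rules discussed in this thread (a `SameSite=None` cookie needs `Secure`, and a `Secure` cookie is only accepted from an https origin) as a small pre-deployment check over a `Set-Cookie` header. This is an added example, not code from the thread or from any browser; the `none_requires_secure` switch is an assumption modelling Chrome's default versus Firefox's `network.cookie.sameSite.noneRequiresSecure` pref.

```python
from typing import Dict, List, Optional

# Added example: emulate why a browser drops a Set-Cookie header.
# Assumption: Chrome's default corresponds to none_requires_secure=True,
# Firefox's default (pref network.cookie.sameSite.noneRequiresSecure=false)
# corresponds to none_requires_secure=False.


def parse_set_cookie(header: str) -> Dict[str, Optional[str]]:
    """Split a Set-Cookie value into {attribute_name_lower: value_or_None}.

    The cookie's own name and value are stored under "__name__"/"__value__".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {"__name__": name.strip(), "__value__": value.strip()}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        # Flag attributes such as Secure / HttpOnly have no value: store None.
        attrs[key.strip().lower()] = val.strip() if sep else None
    return attrs


def cookie_rejection_reasons(header: str, scheme: str,
                             none_requires_secure: bool = True) -> List[str]:
    """Return the reasons a browser would reject this cookie; empty means accepted.

    scheme: "http" or "https" of the origin sending the Set-Cookie header.
    """
    attrs = parse_set_cookie(header)
    reasons: List[str] = []
    has_secure = "secure" in attrs
    samesite = (attrs.get("samesite") or "").lower()
    # Secure cookies are only accepted when set over a secure connection,
    # which is exactly what the OP hits when setting the cookie from HTTP.
    if has_secure and scheme != "https":
        reasons.append("Secure attribute set but origin is not https")
    # SameSite=None without Secure is rejected where the draft is enforced.
    if samesite == "none" and none_requires_secure and not has_secure:
        reasons.append("SameSite=None without Secure")
    return reasons


if __name__ == "__main__":
    # Constructed sample header, not taken from the thread.
    sample = "session=abc123; Path=/; SameSite=None"
    for scheme in ("http", "https"):
        print(scheme, cookie_rejection_reasons(sample, scheme) or "accepted")
```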