Updated: 2023-11-30 23:38:10
My question is why, when I use secure, only the Chrome browser blocks the cookie, but it is true in other browsers.
I am not sure about other browsers, but Chrome implements the strategy of allowing cookies with the secure attribute over a secure connection, as per this IETF draft.
While this draft is implemented for Chrome, it is not on Firefox, which is why on Firefox, if you go to about:config > network.cookie.sameSite.noneRequiresSecure, the default value is false.
If you just need to do it for your local dev environment, you can retain the old behavior for cookies in Chrome by disabling
I have to support legacy HTTP clients, but if I make the https:// origin secure, I can't set the cookie from http; moreover, I can't access this cookie from http. My goal is to have SameSite=None, Secure on http and not secure on http:// origin. Any ideas, instead of establishing protests near the Google office?
Given that it is going to be the standard in the near future, I doubt you will be able to achieve this behavior for client applications; the only route is to go secure, HTTPS.
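The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified JavaScript model of the two checks involved, run over constructed `Set-Cookie` headers for an http:// and an https:// origin. The function names and the `secureOrigin` option are assumptions made for illustration; `noneRequiresSecure` mirrors the Firefox preference named above.

```javascript
// Added example: a simplified model of two cookie checks, not a browser's code.
// parseSetCookie, checkSetCookie and secureOrigin are hypothetical names;
// noneRequiresSecure mirrors the Firefox preference mentioned in the thread.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? "" : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

function checkSetCookie(header, { secureOrigin, noneRequiresSecure = true }) {
  const c = parseSetCookie(header);
  // Rule 1: a Secure cookie is only accepted when set over a secure connection.
  if (c.secure && !secureOrigin) {
    return { name: c.name, accepted: false, reason: "Secure set from a non-secure origin" };
  }
  // Rule 2: SameSite=None is only accepted together with Secure (when enforced).
  if (noneRequiresSecure && c.sameSite === "none" && !c.secure) {
    return { name: c.name, accepted: false, reason: "SameSite=None without Secure" };
  }
  return { name: c.name, accepted: true, reason: "ok" };
}

// Constructed sample headers (not taken from the thread).
const SAMPLES = [
  "sid=abc123; Path=/; SameSite=None; Secure",
  "sid=abc123; Path=/; SameSite=None",
  "sid=abc123; Path=/; SameSite=Lax",
];

// Run every sample against an http:// and an https:// origin.
function auditSamples(noneRequiresSecure = true) {
  const rows = [];
  for (const secureOrigin of [false, true]) {
    for (const header of SAMPLES) {
      rows.push({ secureOrigin, header, ...checkSetCookie(header, { secureOrigin, noneRequiresSecure }) });
    }
  }
  return rows;
}

console.table(auditSamples());
```

With both rules enforced, no `SameSite=None` variant is accepted on the http:// origin, which is the situation the last comment describes.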