如何解决 Apache 2.4 和 PHP 7.1 上 Chrome 中的跨站点 Google Analytics cookie `SameSite=None` 警告?
How can I resolve a cross-site Google Analytics cookie `SameSite=None` warning in Chrome on Apache 2.4 and PHP 7.1?
我客户的网站在 Chrome 中收到这些 SameSite cookie 警告。我到处搜索,但无法让警告消失。这些 cookie 是由于 Wordpress 网站上的 Google 广告转换跟踪。出于兼容性原因,该站点位于由 DreamHost 运行 PHP 7.1 托管的 Apache/2.4.7 (Ubuntu) 上。在我的 .htaccess 文件中,我尝试添加:
Header always edit Set-Cookie (.*) "; SameSite=None"
我试过了
Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
...我试过了
Header always edit Set-Cookie (.*) "; SameSite=None;Secure"
以及许多其他组合,包括 SameSite=Lax
一位指南针对 PHP 7.2 及以下版本推荐:
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');
但这给了我一个 500 Internal Server Erorr。
但是我仍然遇到以下三个错误:
A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
(index):1 A cookie associated with a resource at http://doubleclick.net/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
在我的研究中,关于警告的信息似乎有限,而且在可用的指南中,我不确定是否必须按名称识别 cookie 或如何修复 cookie/headers在他们的来源。
我会查看跟踪器脚本。这是 gtag.js 文档中关于跨域流量的部分。确保只有域存在,没有 www、http 等。
gtag('set', 'linker', {
'domains': ['example.com', 'example-b.com']
});
您尝试过以下方法吗?
Header Set Access-Control-Allow-Origin "*"
Header Set Access-Control-Allow-Credentials: true
Header set Set-Cookie: "ACookieAvailableCrossSite; SameSite=None; Secure"
控制台警告并不意味着任何东西都一定坏了。您的网站继续按预期工作。
希望本文link对您有所帮助。
Samesite-cookies-ByDefault
我在发布 similar question on their github page.
后收到了 Google Chrome 实验室的回复
The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.
If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes.
-rowan-m
在gtag.js
中设置字段
您也可以使用内联 gtag.js 实现来设置字段。
gtag('config', 'UA-XXXXXX', {
cookie_flags: 'max-age=7200;secure;samesite=none'
});
我客户的网站在 Chrome 中收到这些 SameSite cookie 警告。我到处搜索,但无法让警告消失。这些 cookie 是由于 Wordpress 网站上的 Google 广告转换跟踪。出于兼容性原因,该站点位于由 DreamHost 运行 PHP 7.1 托管的 Apache/2.4.7 (Ubuntu) 上。在我的 .htaccess 文件中,我尝试添加:
Header always edit Set-Cookie (.*) "; SameSite=None"
我试过了
Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
...我试过了
Header always edit Set-Cookie (.*) "; SameSite=None;Secure"
以及许多其他组合,包括 SameSite=Lax
一位指南针对 PHP 7.2 及以下版本推荐:
header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');
但这给了我一个 500 Internal Server Erorr。
但是我仍然遇到以下三个错误:
A cookie associated with a cross-site resource at was set without the
SameSiteattribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=NoneandSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .(index):1 A cookie associated with a resource at http://doubleclick.net/ was set with
SameSite=Nonebut withoutSecure. A future release of Chrome will only deliver cookies markedSameSite=Noneif they are also markedSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.(index):1 A cookie associated with a resource at http://google.com/ was set with
SameSite=Nonebut withoutSecure. A future release of Chrome will only deliver cookies markedSameSite=Noneif they are also markedSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
在我的研究中,关于警告的信息似乎有限,而且在可用的指南中,我不确定是否必须按名称识别 cookie 或如何修复 cookie/headers在他们的来源。
我会查看跟踪器脚本。这是 gtag.js 文档中关于跨域流量的部分。确保只有域存在,没有 www、http 等。
gtag('set', 'linker', {
'domains': ['example.com', 'example-b.com']
});
您尝试过以下方法吗?
Header Set Access-Control-Allow-Origin "*"
Header Set Access-Control-Allow-Credentials: true
Header set Set-Cookie: "ACookieAvailableCrossSite; SameSite=None; Secure"
控制台警告并不意味着任何东西都一定坏了。您的网站继续按预期工作。
希望本文link对您有所帮助。 Samesite-cookies-ByDefault
我在发布 similar question on their github page.
后收到了 Google Chrome 实验室的回复The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.
If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes. -rowan-m
在gtag.js
中设置字段您也可以使用内联 gtag.js 实现来设置字段。
gtag('config', 'UA-XXXXXX', {
cookie_flags: 'max-age=7200;secure;samesite=none'
});