How to set Chrome experimental option same-site-by-default-cookie in python selenium

I thought this should work:

    from selenium import webdriver
    options = webdriver.ChromeOptions()
    options.add_experimental_option('same-site-by-default-cookies', 'true')
    driver = webdriver.Chrome(chrome_options=options)

to enable the same-site cookie restrictions scheduled for future Chrome versions. It does not; there is an error:

    selenium.common.exceptions.InvalidArgumentException: 
    Message: invalid argument: cannot parse capability: goog:chromeOptions
    from invalid argument: unrecognized chrome option: same-site-by-default-cookies

I can change the option manually using chrome://flags and see that it works. However, I would like to automate it and just run the test script to see it.

There is Java code here: https://groups.google.com/forum/#!topic/chromedriver-users/cI8hj7eihRo that can do it, but I am not sure how to transfer it to Python.

Is there any reference available to help me set this option or different options?

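You saw it right.

As per the article Chrome browser pushes SameSite cookie security overhaul, Chrome has added SameSite support that will require web developers to control cookies for cross-site access using the SameSite attribute of the Set-Cookie header, which can be Strict, Lax, or None.

In the Chromium blog post Improving privacy and security on the web, @BenGalbraith [Director, Chrome Product Management] and @JustinSchuh [Director, Chrome Engineering] mentioned: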

This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.

This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. We also announced our plan to eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users.

upar...@gmail.com, in the discussion WebDriver mechanism to test samesite cookie security overhaul?, demonstrated that you can enable the sameSite cookie flag using the localState experimental option of chromedriver through Selenium as follows:

    ChromeOptions chromeOptions = new ChromeOptions();
    HashMap<String, Object> chromeLocalStatePrefs = new HashMap<String, Object>();
    List<String> experimentalFlags = new ArrayList<String>();
    experimentalFlags.add("same-site-by-default-cookies@1");
    experimentalFlags.add("cookies-without-same-site-must-be-secure@1");
    chromeLocalStatePrefs.put("browser.enabled_labs_experiments", experimentalFlags);
    chromeOptions.setExperimentalOption("localState", chromeLocalStatePrefs);

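tl;dr

Documentation:

Tested on Chrome: Version 79.0.3945.130 (Official Build) (64-bit)

In Python you can use the code below:

    from selenium import webdriver

    chrome_options = webdriver.ChromeOptions()
    # "@1" selects the "Enabled" choice of each flag, as on chrome://flags
    experimentalFlags = ['same-site-by-default-cookies@1', 'cookies-without-same-site-must-be-secure@1']
    chromeLocalStatePrefs = {'browser.enabled_labs_experiments': experimentalFlags}
    # localState entries are applied to Chrome's Local State file in the user data folder
    chrome_options.add_experimental_option('localState', chromeLocalStatePrefs)
    driver = webdriver.Chrome(options=chrome_options)
    driver.get("https://www.bing.com")

The Python Selenium client will send the following capabilities: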

    [1579581631.792][INFO]: Starting ChromeDriver 79.0.3945.36 (3582db32b33893869b8c1339e8f4d9ed1816f143-refs/branch-heads/3945@{#614})
    [1579581631.792][INFO]: Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
    [1579581632.264][INFO]: [f6b8433509c420fd317902f72b1d102d] COMMAND InitSession {
       "capabilities": {
          "alwaysMatch": {
             "browserName": "chrome",
             "goog:chromeOptions": {
                "args": [  ],
                "extensions": [  ],
                "localState": {
                   "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
                }
             },
             "platformName": "any"
          },
          "firstMatch": [ {

          } ]
       },
       "desiredCapabilities": {
          "browserName": "chrome",
          "goog:chromeOptions": {
             "args": [  ],
             "extensions": [  ],
             "localState": {
                "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
             }
          },
          "platform": "ANY",
          "version": ""
       }
    }

Check whether it actually worked. Go to chrome://flags/
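
What the two flags change for the cookies a site sets, as an added example that is not part of the original question or answers: the sketch below classifies constructed Set-Cookie headers the way Chrome treats them with both flags enabled (a missing SameSite attribute becomes Lax; SameSite=None without Secure is rejected). The function names and sample headers are assumptions made for illustration.

```python
# Added example: classify Set-Cookie headers under the two flags enabled above.

# Where a cookie is sent on cross-site requests, by effective SameSite mode.
CROSS_SITE_SCOPE = {
    "None": "all cross-site requests",
    "Lax": "top-level GET navigations only",
    "Strict": "never cross-site",
}

def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def classify(header):
    """Return (name, accepted, effective SameSite mode or None if rejected)."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        # cookies-without-same-site-must-be-secure: SameSite=None needs Secure.
        if "secure" not in attrs:
            return name, False, None
        return name, True, "None"
    if samesite in ("strict", "lax"):
        return name, True, samesite.capitalize()
    # same-site-by-default-cookies: no SameSite attribute means Lax.
    # Assumption: an unrecognised value is handled like a missing attribute.
    return name, True, "Lax"

# Constructed sample headers, not taken from any real site.
SAMPLE_HEADERS = [
    "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure",
    "Set-Cookie: widget=1; SameSite=None",
    "Set-Cookie: sso=xyz; SameSite=None; Secure",
    "Set-Cookie: csrf=t0k; SameSite=Strict; Secure",
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        name, accepted, mode = classify(hdr)
        scope = CROSS_SITE_SCOPE[mode] if accepted else "cookie not stored"
        print(f"{name:8} {mode or 'rejected':8} -> {scope}")
```

Running the headers your own application emits through `classify` shows which cookies would stop being sent cross-site, or be dropped entirely, before you switch the flags on in the Selenium session.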