Cookies for static site: Cookie will be soon rejected (SameSite) issue

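I am creating a static website (to be published on GitHub Pages) and want to use cookies to store the site state for the user. However, I get the following error when setting a cookie: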

Cookie “buttonState” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

I have been using the following JS code to set cookies:

// Writes one cookie per key of jsonObj; no SameSite attribute is set here.
function set_cookies(jsonObj={},expires="",path="/"){
  for(var key in jsonObj){
    var temp = (key+"="+jsonObj[key]+";");
    if(expires!=="")
      temp += ("expires="+expires+";");
    if(path!=="")
      temp += ("path="+path);
    console.log(temp);
    document.cookie = temp;
  }
}
set_cookies({"buttonState":"compile"});

How can I solve this problem?

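I have also been dealing with this for the cookies on our website. You need to append ";sameSite=Lax" to the temp variable. That is what browsers now expect to see. According to the link you provided, the Mozilla documentation defines Lax as: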

"Cookies are allowed to be sent with top-level navigations and will be sent along with GET request initiated by third party website. This is the default value in modern browsers."

Later, under None, it says:

"None used to be the default value, but recent browser versions made Lax the default value to have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks."

Later, in one of the examples, it says:

"While you could rely on modern browsers to apply SameSite=Lax automatically, you should rather specify it explicitly to clearly communicate your intent which SameSite policy applies to your cookie. This will also improve the experience across browsers as not all of them default to Lax yet."
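The fix described in the answer, generalized as an added example that is not part of the original question or answer: a cookie builder that always states SameSite explicitly, refuses SameSite=None without Secure, and encodes the name and value. The names `buildCookie`, `setCookies` and their option keys are hypothetical, and the sample input is constructed.

```javascript
// Added example: build a cookie string with an explicit SameSite policy.
// buildCookie / setCookies and their option names are hypothetical helpers.
const SAME_SITE = { lax: "Lax", strict: "Strict", none: "None" };

function buildCookie(name, value, opts = {}) {
  const { expires = "", path = "/", sameSite = "Lax", secure = false } = opts;
  const policy = SAME_SITE[String(sameSite).toLowerCase()];
  if (!policy) {
    // Reject values the browser would not recognise.
    throw new Error("sameSite must be Lax, Strict or None");
  }
  if (policy === "None" && !secure) {
    // This is the combination the browser warning in the question rejects.
    throw new Error("SameSite=None requires the Secure attribute");
  }
  // Encode so ';', '=' or spaces in the data cannot inject extra attributes.
  const parts = [encodeURIComponent(name) + "=" + encodeURIComponent(value)];
  if (expires !== "") {
    const when = expires instanceof Date ? expires : new Date(expires);
    if (Number.isNaN(when.getTime())) throw new Error("invalid expires date");
    parts.push("expires=" + when.toUTCString());
  }
  if (path !== "") parts.push("path=" + path);
  parts.push("SameSite=" + policy);
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

function setCookies(jsonObj = {}, opts = {}) {
  const written = [];
  for (const key of Object.keys(jsonObj)) {
    const cookie = buildCookie(key, jsonObj[key], opts);
    // document only exists in a browser; elsewhere just return the strings.
    if (typeof document !== "undefined") document.cookie = cookie;
    written.push(cookie);
  }
  return written;
}

// Constructed sample input matching the question's cookie.
console.log(setCookies({ buttonState: "compile" }));
```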