设置 cookie SameSite=None 对 Chrome / JSP、JAVASCRIPT 不起作用
Setting cookie SameSite=None doesn't work on Chrome / JSP、JAVASCRIPT
我正在开发 JSP(tomcat6) 应用程序。 (域不同)
我正在尝试将 same-site 属性设置为 None
,因为 chrome 浏览器的新版本导致 cookie 在超过 2 分钟后消失了。 (修复发布日期为 2020 年 2 月 4 日,每个:https://www.chromium.org/updates/same-site)
我尝试通过以下方式解决问题,但仍然无效
response.setHeader("Set-Cookie", "user=test;HttpOnly;Secure;SameSite=None");
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; HttpOnly; SameSite=None; Secure";
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
By using Pop-up windows
代码在这里
document.form1.division2.value = 1;
document.form1.division3.value = 1;
document.form1.division4.value = 1;
document.form1.pan.value = 4322423434232342;
document.form1.expiryDate.value = 0222;
document.form1.jspName.value = 'index.jsp';
document.form1.method = "post";
document.cookie = "HttpOnly; SameSite=None; Secure";
document.form1.action = http://service3.smartcapsule.jp/disp/ONECLICKCOMM.do;
Header在这里
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=90<br>
cache-control=max-age=0<br>
origin=http://localhost:8080<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=same-origin<br>
sec-fetch-mode=navigate<br>
sec-fetch-user=?1<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
cookie=SameSite=None; Secure; aspGroupId=00000000; _ga=GA1.1.371271115.1600306707; _gid=GA1.1.1473986481.1600822923; JSESSIONID=15BA5A77A80B2C93969A44FE9371B135; _gat_UA-71516129-3=1; _token=8b234c913616b70c05100bb7fc141a33; _gat=1; arp_scroll_position=2986.363525390625<br>
</body></html>
-------------------------------------------------------------------------------------------
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=384<br>
cache-control=max-age=0<br>
origin=null<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=cross-site<br>
sec-fetch-mode=navigate<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
</body></html>
如果我不更改浏览器属性,我应该如何修复它?
disable 「SameSite by default cookies」 in chrome://flags
「20200924」我试了下面的,饼干还是丢了
Cookies.set('name', 'value', {
sameSite: 'none',
secure: true
})
response.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; SameSite=None; Secure";
public void doGet( HttpServletRequest request, HttpServletResponse response ) throws ServletException,IOException {
response.setContentType("text/html;charset=Windows-31J");
PrintWriter out = response.getWriter();
out.println("<html><body>");
Enumeration e = request.getHeaderNames();
while( e.hasMoreElements() ) {
String name = ( String )e.nextElement();
out.println( name + "=" + request.getHeader( name ) + "<br>");
}
out.println("</body></html>");
}
document.cookie = "<%= s_cookies %>";
document.cookie = "witcher=Geralt; SameSite=None; Secure";
res.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
res.setHeader("Access-Control-Allow-Origin","*");
res.setHeader("Access-Control-Allow-Credentials","true");
crossDomain=true; withCredentials=true;Authorization; Max-Age=60*60*3600
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous">
</script>
<script>
const apexUrl = 'localhost:8080';
const forwardUrl = 'https://localhost:8080';
alert(window.location.host);
if (window.location.host === apexUrl) {
window.location.host = forwardUrl;
}
</script>
Google reCAPTCHA
要编辑 cookie,设置其值,然后将其添加到响应中。
永远不要忘记更改 ExpiresDate。
我正在开发 JSP(tomcat6) 应用程序。 (域不同)
我正在尝试将 same-site 属性设置为 None
,因为 chrome 浏览器的新版本导致 cookie 在超过 2 分钟后消失了。 (修复发布日期为 2020 年 2 月 4 日,每个:https://www.chromium.org/updates/same-site)
我尝试通过以下方式解决问题,但仍然无效
response.setHeader("Set-Cookie", "user=test;HttpOnly;Secure;SameSite=None");
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; HttpOnly; SameSite=None; Secure";
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
By using Pop-up windows
代码在这里
document.form1.division2.value = 1;
document.form1.division3.value = 1;
document.form1.division4.value = 1;
document.form1.pan.value = 4322423434232342;
document.form1.expiryDate.value = 0222;
document.form1.jspName.value = 'index.jsp';
document.form1.method = "post";
document.cookie = "HttpOnly; SameSite=None; Secure";
document.form1.action = http://service3.smartcapsule.jp/disp/ONECLICKCOMM.do;
Header在这里
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=90<br>
cache-control=max-age=0<br>
origin=http://localhost:8080<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=same-origin<br>
sec-fetch-mode=navigate<br>
sec-fetch-user=?1<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
cookie=SameSite=None; Secure; aspGroupId=00000000; _ga=GA1.1.371271115.1600306707; _gid=GA1.1.1473986481.1600822923; JSESSIONID=15BA5A77A80B2C93969A44FE9371B135; _gat_UA-71516129-3=1; _token=8b234c913616b70c05100bb7fc141a33; _gat=1; arp_scroll_position=2986.363525390625<br>
</body></html>
-------------------------------------------------------------------------------------------
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=384<br>
cache-control=max-age=0<br>
origin=null<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=cross-site<br>
sec-fetch-mode=navigate<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
</body></html>
如果我不更改浏览器属性,我应该如何修复它?
disable 「SameSite by default cookies」 in chrome://flags
「20200924」我试了下面的,饼干还是丢了
Cookies.set('name', 'value', {
sameSite: 'none',
secure: true
})
response.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; SameSite=None; Secure";
public void doGet( HttpServletRequest request, HttpServletResponse response ) throws ServletException,IOException {
response.setContentType("text/html;charset=Windows-31J");
PrintWriter out = response.getWriter();
out.println("<html><body>");
Enumeration e = request.getHeaderNames();
while( e.hasMoreElements() ) {
String name = ( String )e.nextElement();
out.println( name + "=" + request.getHeader( name ) + "<br>");
}
out.println("</body></html>");
}
document.cookie = "<%= s_cookies %>";
document.cookie = "witcher=Geralt; SameSite=None; Secure";
res.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
res.setHeader("Access-Control-Allow-Origin","*");
res.setHeader("Access-Control-Allow-Credentials","true");
crossDomain=true; withCredentials=true;Authorization; Max-Age=60*60*3600
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous">
</script>
<script>
const apexUrl = 'localhost:8080';
const forwardUrl = 'https://localhost:8080';
alert(window.location.host);
if (window.location.host === apexUrl) {
window.location.host = forwardUrl;
}
</script>
Google reCAPTCHA
要编辑 cookie,设置其值,然后将其添加到响应中。 永远不要忘记更改 ExpiresDate。