SameSite предупреждение Chrome 77
Со времени последнего обновления у меня возникла ошибка с файлами cookie, связанная с атрибутом SameSite.
Файлы cookie принадлежат сторонним разработчикам (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts и т.д.)
Ошибки в консоли Chrome выглядят следующим образом.
A cookie associated with a cross-site resource at <URL> was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Что-то мне нужно делать на локальном компьютере или сервере, или это просто какая-то функция, которую они должны реализовать в будущих выпусках своих библиотек?
Ответы
Ответ 1
Это предупреждение консоли не является ошибкой или реальной проблемой - Chrome просто распространяет информацию об этом новом стандарте, чтобы ускорить принятие разработчиками.
Дата выпуска исправления 02/04/2020 в:
https://www.chromium.org/updates/same-site
Я решил ту же проблему, добавив в заголовок ответа
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
SameSite запрещает браузеру отправлять cookie вместе с межсайтовыми запросами. Основная цель - снижение риска утечки информации из разных источников. Он также обеспечивает некоторую защиту от атак подделки межсайтовых запросов. Возможные значения для флага: Lax или Strict.
Пожалуйста, ознакомьтесь с этим, прежде чем применять какой-либо вариант.
Надеюсь, это поможет вам.
