admin管理员组文章数量:1550396
Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests
AFFECTED RESOURCES
5 cookies
Name Domain & Path
UM_distinctid .amap/
dev_help .amap/
isg .amap/
l .amap/
tfstk .amap/
2 requests
百度了一圈似乎是跨域问题,这些代码在TOMCAT服务器中运行正常,但是在HTML页面中单独运行则失败了。先挖一个坑:等调试完成来解决该问题。顺便了解一下常常被考到的面试题:跨域。
SameSite 属性
Cookie 的SameSite属性用来限制第三方 Cookie,从而减少安全风险。
它可以设置三个值。
- Strict
- Lax
- None
几种写法
Set-Cookie: CookieName=CookieValue; SameSite=Lax;
Set-Cookie: CookieName=CookieValue; SameSite=Lax;
注意这里的Secure
Set-Cookie: widget_session=abc123; SameSite=None; Secure
参考链接:https://blog.csdn/weixin_44269886/article/details/102459425?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-2.channel_param&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-2.channel_param
本文标签: CrosscookiesendSiteattribute
版权声明:本文标题:调试显示Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute问题 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dongtai/1727245868a1104619.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论