PHP setcookie “SameSite=Strict”?

旧时难觅i 2020-11-29 00:26

I recently read "RFC 6265" on the attribute "Same Site", I looked at some articles that talked about that in April 2016, "same-site" attribute has been implemented for

9 Answers
  •  眼角桃花
    2020-11-29 00:59

    There are a lot of examples showing how to set this attribute, but not many explanations of why.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_attribute

    If a cookie is needed to be sent cross-origin, opt out of the SameSite restriction by using the None directive. The None directive requires that the Secure attribute also be used.

    The examples that are setting SameSite to None or Lax are only appropriate for cross-domain scenarios. If your code isn't cross-domain, use Strict.
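
An added example, not part of the original answers: one way to set the attribute from PHP while enforcing the rule quoted above that `SameSite=None` requires `Secure`. The helper name `set_samesite_cookie`, its defaults and the cookie name `session_id` are assumptions made for illustration; the options-array form of `setcookie()` needs PHP 7.3 or later, so older versions fall back to a hand-built header.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): set a cookie with an explicit
 * SameSite policy, defaulting to Strict, and refuse SameSite=None
 * unless the Secure attribute is also set.
 */
function set_samesite_cookie(
    string $name,
    string $value,
    string $sameSite = 'Strict',
    bool $secure = true,
    int $expires = 0,
    string $path = '/'
): bool {
    $sameSite = ucfirst(strtolower($sameSite));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException("Unknown SameSite value: $sameSite");
    }
    if ($sameSite === 'None' && !$secure) {
        throw new InvalidArgumentException('SameSite=None requires the Secure attribute');
    }
    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+ accepts an options array with a 'samesite' key.
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => $path,
            'secure'   => $secure,
            'httponly' => true,
            'samesite' => $sameSite,
        ]);
    }
    // Older PHP: build the Set-Cookie header by hand. Reject names that
    // contain separators so the attribute list cannot be altered.
    if (preg_match('/[=,; \t\r\n]/', $name)) {
        throw new InvalidArgumentException('Invalid cookie name');
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value)
        . '; Path=' . $path
        . ($expires > 0 ? '; Expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT' : '')
        . ($secure ? '; Secure' : '')
        . '; HttpOnly; SameSite=' . $sameSite;
    header($header, false); // false: keep any other Set-Cookie headers
    return true;
}

// Constructed usage: a cookie that is never sent on cross-site requests.
set_samesite_cookie('session_id', bin2hex(random_bytes(16)), 'Strict');
```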
