samesite

问题 So I've read about Chrome 80's cookies defaulting to SameSite=Lax and like the rest of you, I'm now trying to mesure the impact this will have on my site. The site I'm running is split on several sub-domains and each of them uses their own cookie. It looks like this: first-site.domain.com uses Cookie1 ( path=/; secure; httponly ) second-site.domain.com uses Cookie2 ( path=/; secure; httponly ) Since these cookies do not specify the SameSite attribute, they are supposed to be treated as Lax on

问题 I'm running some tests to prepare for the upcoming Chrome version with the changes to SameSite handling of cookies, but my web application is giving trouble. I can reproduce it in the following way: Use Visual Studio 2019 (16.4.3) to create a new project. Pick "ASP.NET Core Web Application" and enable https. Add a "Scaffolded Item" and add ASP.NET Core Identity. When asked, scaffold all files, and add a fresh data context and user, using SQLite: Add services.AddRazorPages(); to Startup Add

问题 Chrome is giving me the following warning: A cookie associated with a cross-site resource at http://quilljs.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure . Note that quilljs.com is a 3rd party domain. I have seen these questions... the answers and comments on both questions are similar, some provide an answer like this: response.setHeader("Set-Cookie", "HttpOnly;Secure

问题 Chrome is reporting the following warning: A cookie associated with a cross-site resource at https://www.googletagmanager.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure . You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature

问题 Since the last update, I'm having an error with cookies, related with SameSite attribute. The cookies are from third party developers (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts, etc.) The errors in the Chrome console are like this. A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can

问题 Tomcat's context.xml defines CookieProcessor (default LegacyCookieProcessor) https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html I'm trying to add attribute(s) shown on cookie processor, however that doesn't seems to be working I don't see Tomcat's response header cookie with sameSite attribute being set 回答1: In your web application, inside the META-INF folder create a context.xml file with this inside. <Context> <CookieProcessor sameSiteCookies="strict" /> </Context> If you