socket.io sets cross-site cookie without same-site attribute

依然范特西╮ submitted on 2020-08-01 06:38:55

Question


I have a socket.io application and recently I got this warning:

A cookie associated with a cross-site resource at URL was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Apparently it is something that Chrome will be updating in the future: SameSite warning Chrome 77

I already tried this but to no apparent avail: io = io.listen(server, { cookie: false });

I think the cookie doesn't do anything, so how can I disable io from setting it?


Answer 1:


As per the issue reported in Socket.IO's GitHub repo, that cookie is not used for anything; you can disable it by setting cookie: false in the server options.

But what you have missed is setting the {cookie: false} option when initializing the socket, not http.listen. The solution provided below, which uses express as the server, worked for me.

var express = require('express');
var server = require('http').createServer(express());
// cookie: false stops socket.io from setting its cookie
var io = require('socket.io')(server, { path:"/some/path", cookie: false });
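
One way to check which Set-Cookie headers would trigger the warning quoted in the question, as an added example that is not part of the original question or answer. The function names and the sample header values are constructed for illustration; with cookie: false in effect, the handshake response should yield no finding for a cookie named io.

```javascript
// Classify each Set-Cookie header value against the rule in the Chrome warning.
// Returns one finding per cookie: { name, sameSite, secure, verdict }.
function auditSetCookie(headerValues) {
  return headerValues.map(function (raw) {
    var parts = raw.split(';').map(function (p) { return p.trim(); });
    var name = parts[0].split('=')[0];
    var sameSite = null;
    var secure = false;
    parts.slice(1).forEach(function (attr) {
      var eq = attr.indexOf('=');
      var key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
      var value = eq === -1 ? '' : attr.slice(eq + 1).trim().toLowerCase();
      if (key === 'samesite') sameSite = value;
      if (key === 'secure') secure = true;
    });
    var verdict;
    if (sameSite === null) {
      verdict = 'missing-samesite';      // the case the quoted warning reports
    } else if (sameSite === 'none' && !secure) {
      verdict = 'none-without-secure';   // warning requires SameSite=None AND Secure
    } else if (sameSite === 'none' || sameSite === 'lax' || sameSite === 'strict') {
      verdict = 'ok';
    } else {
      verdict = 'invalid-samesite';      // unrecognised or empty SameSite value
    }
    return { name: name, sameSite: sameSite, secure: secure, verdict: verdict };
  });
}

// Constructed sample headers (not captured from a real server).
var sampleHeaders = [
  'io=CONSTRUCTED-SESSION-ID; Path=/; HttpOnly',
  'sid=constructed; Path=/; SameSite=None',
  'sid2=constructed; Path=/; Secure; SameSite=None',
  'pref=constructed; SameSite=Lax'
];

// Names and verdicts of cookies that need attention; empty when all are fine
// or when the response sets no cookies at all.
function flagged(headerValues) {
  return auditSetCookie(headerValues)
    .filter(function (f) { return f.verdict !== 'ok'; })
    .map(function (f) { return f.name + ':' + f.verdict; });
}

console.log(flagged(sampleHeaders));
```
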


Source: https://stackoverflow.com/questions/58557911/socket-io-sets-cross-site-cookie-without-same-site-attribute
