SameSite cookies explained
Chrome's upgraded cookie security policy will probably affect a lot of third-party cookies!
https://web.dev/samesite-cookies-explained/?utm_source=xgqfrms.xyz
https://web.dev/samesite-cookie-recipes
cookies explained
Set-Cookie: promo_shown=1; Max-Age=2600000; Secure
Cookie: promo_shown=1
document.cookie;
document.cookie = "promo_shown=1; Max-Age=2600000; Secure";
chrome://flags/#cookies-without-same-site-must-be-secure
about:config
http://kb.mozillazine.org/About:config
MDN
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Set-Cookie#Browser_compatibility
Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax
// Multiple directives are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
None, Lax, Strict
demo
A cookie associated with a cross-site resource at http://hm.baidu.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Cookies default to SameSite=Lax
https://www.chromestatus.com/feature/5088147346030592
Reject insecure SameSite=None cookies
https://www.chromestatus.com/feature/5633521622188032
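The two Chrome changes listed above, applied to Set-Cookie headers as an audit check. This is an added example, not code from the original page or from Chrome; auditSetCookie and its result fields are hypothetical names, and every sample header except the page's promo_shown one is constructed.

```javascript
// Classify a Set-Cookie header under the two rules named on this page:
//   1. "Cookies default to SameSite=Lax"
//   2. "Reject insecure SameSite=None cookies"
function auditSetCookie(header) {
  const [pair, ...attrs] = header.replace(/^Set-Cookie:\s*/i, "").split(";");
  const name = pair.split("=")[0].trim();
  let declared = null; // null means no SameSite attribute was present
  let secure = false;
  for (const raw of attrs) {
    const [key, value = ""] = raw.trim().split("=");
    const k = key.trim().toLowerCase(); // attribute names are case-insensitive
    if (k === "secure") secure = true;
    if (k === "samesite") declared = value.trim().toLowerCase();
  }
  // Rule 1: a missing attribute is treated as Lax.
  // Assumption: an unrecognized value is handled like a missing one.
  const known = ["strict", "lax", "none"];
  const effective = known.includes(declared) ? declared : "lax";
  // Rule 2: SameSite=None without Secure is rejected outright.
  const rejected = effective === "none" && !secure;
  // Only SameSite=None plus Secure survives in a third-party context,
  // such as the embedded resource in the console warning above.
  const sentInThirdPartyContext = effective === "none" && secure;
  return { name, declared, effective, secure, rejected, sentInThirdPartyContext };
}

// Sample headers: the first is from this page, the rest are constructed.
const samples = [
  "Set-Cookie: promo_shown=1; Max-Age=2600000; Secure",
  "Set-Cookie: tracker=abc; SameSite=None",
  "Set-Cookie: widget=1; SameSite=None; Secure",
  "Set-Cookie: session=xyz; samesite=Strict; HttpOnly",
];

for (const header of samples) {
  const r = auditSetCookie(header);
  const verdict = r.rejected
    ? "REJECTED (SameSite=None requires Secure)"
    : r.sentInThirdPartyContext
      ? "kept, sent in third-party context"
      : `kept, first-party only (effective SameSite=${r.effective})`;
  console.log(`${r.name}: ${verdict}`);
}
```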
xgqfrms 2012-2020
Published on www.cnblogs.com: only registered users are allowed to access!