SameSite cookies explained
None, Lax, Strict
????️♂️Chrome 这波 cookie 安全策略的升级估计会影响很多第三方的 cookie!
cookies explained
Set-Cookie: promo_shown=1; Max-Age=2600000; Secure
Cookie: promo_shown=1
document.cookie;
document.cookie = "promo_shown=1; Max-Age=2600000; Secure";
chrome://flags/#cookies-without-same-site-must-be-secure
about:config
Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax
// Multiple directives are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
None, Lax, Strict
demo
A cookie associated with a cross-site resource awas set without the SameSite attribute.
A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.
You can review cookies in developer tools under Application>Storage>Cookies and see more details at Cookies default to SameSite=Lax
Reject insecure SameSite=None cookies
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
