如何将SameSite属性设置为'None;在Rails3.1.12和Ruby1.9.3中“安全" [英] How to set SameSite attribute to 'None; Secure' in Rails3.1.12 and Ruby1.9.3

问题描述

在 https://example.com/上设置了与跨站点资源关联的cookie，而没有SameSite属性.它已被阻止，因为Chrome现在仅在跨站点请求中将Cookie设置为SameSite=None和Secure时才传递.您可以在应用程序">存储">"Cookies"下的开发人员工具中查看Cookie，并在 https://www.chromestatus中查看更多详细信息.com/feature/5088147346030592 和 https://www.chromestatus.com/feature/5633521622188032 .

A cookie associated with a cross-site resource at https://example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

请让我知道如何设置SameSite cookie属性.提前致谢.

Please let me know how to set the SameSite cookie attribute. Thanks in advance.

推荐答案

设置自定义标头的方法是将以下行添加到控制器操作中:

The way to set custom headers is to add the line below to your controller action:

response.headers['Set-Cookie'] = 'Secure;SameSite=None'.

这篇关于如何将SameSite属性设置为'None;在Rails3.1.12和Ruby1.9.3中“安全"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！