How will the SameSite cookie extension changes in Chrome 80 affect Identity Server 4 users?


Question

Barry Dorrans has a nice page documenting the forthcoming changes by Chrome 80 (and others) to SameSite cookie extensions and how they might affect OpenIdConnect auth flows in .NET / .NET Core based web apps.
How will the SameSite cookie extension changes in Chrome 80 affect IdentityServer4 users? What action (if any) do current Identity Server users need to take for this coming change to cookie behavior? Currently running IdentityServer4 2.13 with authcode and implicit flows.

Recommended answer

You will get the console warning below in Google Chrome, and your Identity Server will fail to redirect to the client, which could be a React app or Angular app, on Chrome version 80.

A cookie associated with a resource at was set with SameSite=None but without Secure. It has been blocked, as Chrome now only delivers cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.

To fix this, you need to make the changes mentioned in the link below:

https://www.thinktecture.com/en/identity/samesite/prepare-your-identityserver/

NOTE: For .NET Core 2.2, set SameSite = (SameSiteMode)(-1). For .NET Core 3.0 or above, set SameSite = SameSiteMode.Unspecified.

Also, for Chrome version 80, add this extra condition:

    // Substring match: also true for any other User-Agent containing "Chrome/8" (e.g. Chrome 81-89).
    if (userAgent.Contains("Chrome/8"))
    {
        return true;
    }
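
The SameSite handling described in this answer, as an added example that is not code from the original answer, the linked article, or IdentityServer4. It assumes ASP.NET Core 3.0 or later; the class and method names and the user-agent substring list are illustrative assumptions, and it keys off the request scheme rather than a Chrome version match.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; names are illustrative, not IdentityServer4 API.
public static class SameSiteCookiePolicy
{
    // Call from ConfigureServices, and add app.UseCookiePolicy() in Configure
    // before the authentication / IdentityServer middleware.
    public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services)
    {
        return services.Configure<CookiePolicyOptions>(options =>
        {
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            options.OnAppendCookie = ctx => Adjust(ctx.Context, ctx.CookieOptions);
            options.OnDeleteCookie = ctx => Adjust(ctx.Context, ctx.CookieOptions);
        });
    }

    private static void Adjust(HttpContext http, CookieOptions cookie)
    {
        if (cookie.SameSite != SameSiteMode.None) return;

        var userAgent = http.Request.Headers["User-Agent"].ToString();
        if (!http.Request.IsHttps || MishandlesSameSiteNone(userAgent))
        {
            // Omit the attribute: a Secure cookie is not sent over plain HTTP,
            // and some older browsers reject or misread SameSite=None.
            // On .NET Core 2.2 use (SameSiteMode)(-1) instead of Unspecified.
            cookie.SameSite = SameSiteMode.Unspecified;
        }
        else
        {
            // Chrome 80 only delivers SameSite=None cookies that are also Secure.
            cookie.Secure = true;
        }
    }

    // Assumed substring list for browsers that mishandle SameSite=None.
    private static bool MishandlesSameSiteNone(string userAgent)
    {
        if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12"))
            return true; // iOS 12 WebKit
        if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14")
            && userAgent.Contains("Version/") && userAgent.Contains("Safari"))
            return true; // Safari on macOS 10.14
        return userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6"); // Chrome 50-69
    }
}
```

Behind a TLS-terminating proxy, `Request.IsHttps` reflects the proxy-to-app hop unless forwarded headers are configured, so cookies would lose `SameSite=None` there until that is set up.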
