如何修复“将SameSite Cookie设置为无"警告? [英] How to fix "set SameSite cookie to none" warning?

问题描述

我创建了一个chrome扩展程序，并从popup.js中调用了一个PHP脚本(使用Xhttprequest)来读取Cookie.像这样:

I created a chrome extension and from popup.js I called PHP script (Using Xhttprequest) that reads the cookie. Like this:

$cookie_name = "mycookie";

if(isset($_COOKIE[$cookie_name]))
{
    echo $_COOKIE[$cookie_name];
}
else{
    echo "nocookie";
}

但是我收到扩展名错误的警告.

But I'm getting this warning at errors in extensions.

设置了与(此处是我的域)的跨站点资源关联的cookie，而没有 SameSite 属性.如果将来的Chrome浏览器版本使用 SameSite = None 和 Secure 进行设置，则仅会发送带有跨站点请求的Cookie.您可以在应用程序">存储">"Cookies"下的开发人员工具中查看Cookie，并在 https://www.chromestatus中查看更多详细信息..com/feature/5088147346030592 和 https://www.chromestatus.com/feature/5633521622188032 .

A cookie associated with a cross-site resource at (Here is my domain) was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

我试图创建这样的cookie，但没有帮助.

I tried to create a cookie like this but it didn't help.

setcookie($cookie_name,$cookie_value, time() + 3600*24, "/;samesite=None ","mydomain.com", 1);

按照这个问题的说明进行操作.

推荐答案

我也处于试错"状态.为此，但是Google Chrome Labs的Github的答案对我有所帮助.我将其定义到我的主文件中，并且仅在一个第三方域中有效.仍在进行测试，但我渴望通过更好的解决方案来更新此答案:)

I'm also in a "trial and error" for that, but this answer from Google Chrome Labs' Github helped me a little. I defined it into my main file and it worked - well, for only one third-party domain. Still making tests, but I'm eager to update this answer with a better solution :)

编辑:我现在正在使用PHP 7.4，并且此语法运行良好(2020年9月):

I'm using PHP 7.4 now, and this syntax is working good (Sept 2020):

$cookie_options = array(
  'expires' => time() + 60*60*24*30,
  'path' => '/',
  'domain' => '.domain.com', // leading dot for compatibility or use subdomain
  'secure' => true, // or false
  'httponly' => false, // or false
  'samesite' => 'None' // None || Lax || Strict
);

setcookie('cors-cookie', 'my-site-cookie', $cookie_options);

---

如果您具有 PHP 7.2或更低版本(如Robert在下面回答):

---

If you have PHP 7.2 or lower (as Robert's answered below):

setcookie('key'，'value'，time()+(7 * 24 * 3600)，"/; SameSite = None; Secure");

如果您的主机已经更新到 PHP 7.3 ，则可以使用(由于Mahn的评论):

If your host is already updated to PHP 7.3, you can use (thanks to Mahn's comment):

setcookie('cookieName', 'cookieValue', [
  'expires' => time()+(7*24*3600,
  'path' => '/',
  'domain' => 'domain.com',
  'samesite' => 'None',
  'secure' => true,
  'httponly' => true
]);

您可以尝试检查Cookie的另一件事是启用下面的标志，以其自己的话来说，将为每个可能受此更改影响的cookie添加控制台警告消息":

Another thing you can try to check the cookies, is to enable the flag below, which—in their own words—"will add console warning messages for every single cookie potentially affected by this change":

chrome://flags/#cookie-deprecation-messages

在以下位置查看完整代码: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md ，它们也具有 same-site-cookies 的代码.

See the whole code at: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md, they have the code for same-site-cookies too.

这篇关于如何修复“将SameSite Cookie设置为无"警告?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！