找到导致 Chrome 的 SameSite 警告的 cookie [英] Find the cookie that causes Chrome's SameSite warning

问题描述

正如你们中的一些人所知，Chrome 将在本月开始使用新的 SameSite cookie 政策(

现在，随着新政策的推出越来越近，我尝试使用 Chrome 开发人员工具中的应用程序视图找到有问题的 cookie.这是显示:

如您所见，没有任何 cookie 的 Secure 或 SameSize 条目.

所以我启用了新政策，看看会发生什么变化.这可以在 chrome://flags

中完成

进行这些更改后，我在控制台中看到一条消息，告诉我 cookie 已被阻止.

但 Chrome 开发者工具中的应用程序视图显示的 cookie 与以前完全相同.

此外，我浏览了开发者工具网络视图中的每个条目.任何条目都没有 Cookie 标签.

这很令人沮丧，因为我不知道您被阻止的 cookie 是否与我们应用程序的功能相关.

有没有办法找出哪个 cookie 被阻止了?Chrome 不能在写入控制台的警告中直接提及 cookie 吗?

解决方案

我们在这里整理了一份更深入的调试指南:https://www.chromium.org/updates/same-site/test-debug

作为 tl;dr

1. 在网络"面板中，选择一个请求，转到 Cookie 子选项卡，选中显示过滤掉的请求 cookie"，您可以看到每个 cookie 以及未包含的 cookie
2. 从 Chrome 中捕获 NetLog 转储，您可以详细检查特定的阻塞事件.

As some of you know, Chrome will start using a new SameSite cookie policy this month (https://web.dev/samesite-cookies-explained/ and https://www.chromium.org/updates/same-site).

We are using Auth0 for our App and have seen this SameCookie warning in Chrome's console since the end of last year:

Now since introduction of the new policy is getting closer, I tried to find the offending cookie using the Application view in Chrome's developer tools. This is what is shows:

As you can see, there is no entry for Secure or SameSize for any cookie.

So I enabled the new policy to see what will change. This can be done in chrome://flags

After these changes I see a message in the console, telling me that a cookie was blocked.

But the Application view in Chrome's developer tools shows exactly the same cookies as before.

Also, I went through each entry in the developer tools Network view. There is no Cookie tab for any of the entries.

This is very frustrating, as I do not know if thee blocked cookie is relevant for the functioning of our application.

Is there a way to find out which cookie was blocked? Can't Chrome just mention the cookie in the warning that it writes into the console?

解决方案

We've put together a more in-depth debugging guide here: https://www.chromium.org/updates/same-site/test-debug

As a tl;dr

1. In the Network panel, select a request, go to the Cookies sub-tab, check the "show filtered out request cookies", and you can see each cookie along with the ones that were not included
2. Capture a NetLog dump from Chrome and you can examine this in detail for the specific blocking events.

这篇关于找到导致 Chrome 的 SameSite 警告的 cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！