Adding 'SameSite=None;' cookies to Rails via Rack middleware?


Question

On February 4th 2020, Google Chrome will require SameSite=None; to be added to all cross-site cookies. Rails 6.1 and soon Rails 6.0 have added a same_site: :none option to the rails cookie hash:

cookies["foo"]= {
  value: "bar",
  expires: 1.year.from_now,
  same_site: :none
} 

But older Rails 5.x apps won't receive the upgrade to have access to the same_site options hash. I know the SameSite=None; cookie option can be manually added to Rails in a controller using:

response.headers["Set-Cookie"] = "my=cookie; path=/; expires=#{1.year.from_now}; SameSite=None;"


But my Rails 5.x app uses complicated cookie objects that modify cookies. Instead of breaking them apart, I would like to write Rack middleware to manually update all cookies with the SameSite=None; attribute at once.

This StackOverflow answer shows how cookies can be updated within Rack middleware:

# lib/same_site_cookie_middleware
class SameSiteCookieMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    # confusingly, response takes its args in a different order
    # than rack requires them to be passed on
    # I know it's because most likely you'll modify the body, 
    # and the defaults are fine for the others. But, it still bothers me.

    response = Rack::Response.new body, status, headers

    response.set_cookie("foo", {:value => "bar", :path => "/", :expires => 1.year.from_now, same_site: :none})
    response.finish # finish writes out the response in the expected format.
  end
end

# application.rb
require 'same_site_cookie_middleware'
config.middleware.insert_after(ActionDispatch::Cookies, SameSiteCookieMiddleware)

How do I re-write this Rack Middleware code to manually append SameSite=None; into every existing cookie?

Recommended answer

I was able to get this to work with the following:

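# frozen_string_literal: true

# Rack middleware that appends SameSite=None to the Set-Cookie response header.
class SameSiteCookies

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)

    set_cookie_header = headers['Set-Cookie']

    # Skip when there is no Set-Cookie header or it already mentions SameSite.
    if set_cookie_header && !(set_cookie_header =~ /SameSite\=/)

      # Appends to the end of the header value.
      headers['Set-Cookie'] << ';' if !(set_cookie_header =~ /;$/)
      headers['Set-Cookie'] << ' SameSite=None'
      # Mark the cookie Secure when the request came in over HTTPS.
      headers['Set-Cookie'] << '; Secure' if env['rack.url_scheme'] == 'https'

    end

    [status, headers, body]
  end
end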

and adding to middleware with:

Rails.application.config.middleware.insert_before(ActionDispatch::Cookies, SameSiteCookies)
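
An added example, not part of the original answer: the middleware above appends once to the whole header value, so when a response sets several cookies (Rack 2.x joins them with newlines in a single Set-Cookie string) only the last one is changed, and nothing is changed if any cookie already carries SameSite. This version goes further and patches each cookie separately; the class name SameSiteNonePerCookie, the stub app and the sample cookies are constructed for illustration.

```ruby
# frozen_string_literal: true

# Added example (not from the original post): Rack middleware that rewrites
# each Set-Cookie line separately. Assumes Rack 2.x, where multiple cookies
# arrive as one newline-joined String; an Array value is passed through too.
class SameSiteNonePerCookie
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    raw = headers['Set-Cookie']
    if raw
      https = env['rack.url_scheme'] == 'https'
      lines = raw.is_a?(Array) ? raw : raw.split("\n")
      patched = lines.map { |line| patch(line, https) }
      headers['Set-Cookie'] = raw.is_a?(Array) ? patched : patched.join("\n")
    end
    [status, headers, body]
  end

  private

  # Leaves a cookie alone if it already declares SameSite; otherwise appends
  # SameSite=None, plus Secure on HTTPS when it is not already present.
  def patch(line, https)
    attrs = line.split(';').map(&:strip).reject(&:empty?)
    names = attrs.drop(1).map { |a| a.split('=', 2).first.downcase }
    return line if names.include?('samesite')

    attrs << 'SameSite=None'
    attrs << 'Secure' if https && !names.include?('secure')
    attrs.join('; ')
  end
end

# Constructed sample: a stub app that sets three cookies in one response.
SAMPLE_APP = lambda do |_env|
  cookies = ['a=1; path=/', 'b=2; path=/; SameSite=Lax', 'c=3; path=/; secure;']
  [200, { 'Set-Cookie' => cookies.join("\n") }, ['ok']]
end

def patched_cookies(scheme)
  app = SameSiteNonePerCookie.new(SAMPLE_APP)
  _status, headers, _body = app.call({ 'rack.url_scheme' => scheme })
  headers['Set-Cookie'].split("\n")
end
```

Over plain HTTP the cookies gain SameSite=None without Secure, matching the answer's behaviour; Chrome only accepts SameSite=None cookies that are also marked Secure.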
