iframe not reading cookies in Chrome
Problem description
Chrome is not allowing a child iframe to read its own cookies.
I have a parent webpage with a child iframe:
- parent at https://first-site.com
- child at <iframe src="https://second-site.com"> (inside of parent)
- cookie set with
  - path: '/'
  - secure: true
  - httpOnly: false
  - domain: '.second-site.com'
I control both sites, and I want the iframe to perform an operation within the iframe that requires reading cookies for .second-site.com. The outer parent doesn't need to know anything about this.
It works in all browsers except Chrome.
Chrome is simply not making the child page's own cookies available to the child.
Visiting the child page in its own window and performing the operation works in all browsers, including Chrome.
I've tried both of these options in all permutations:
- Set secure:false or secure:true for the cookie
- Set sandbox="allow-same-origin allow-scripts" for the iframe, or remove the sandbox attribute
What is Chrome doing differently, and how can an iframe in Chrome access its own cookies?
Recommended answer
There is a relatively new cookie attribute called SameSite that was being set by my server automatically. Disabling this (while retaining the settings listed in the question) allows the iframe access to its own cookies in Chrome.
See also Chrome feature status & IETF draft
Update August 2020
Chrome now blocks cookies without SameSite set, so you need to explicitly set it to samesite=none and secure=true.
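The rule from the answer and its 2020 update, as an added example that is not part of the original question or answer: it serializes the question's cookie settings into a Set-Cookie value and reports whether Chrome would make that cookie available to second-site.com when it is framed by first-site.com. The cookie name and value, and the function names, are assumptions made for illustration; only the SameSite and Secure attributes are modelled.

```javascript
// Cookie options taken from the question. The cookie name and value used
// with them are constructed samples.
const BASE = { domain: '.second-site.com', path: '/', secure: true, httpOnly: false };

// Build a Set-Cookie header value (hypothetical helper, no framework needed).
function serializeCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// Read the attributes back out of a Set-Cookie value (names lower-cased).
function parseAttributes(setCookie) {
  const attrs = {};
  for (const part of setCookie.split(';').slice(1)) {
    const [key, ...rest] = part.trim().split('=');
    attrs[key.toLowerCase()] = rest.length ? rest.join('=').toLowerCase() : true;
  }
  return attrs;
}

// Would Chrome expose this cookie inside a cross-site iframe?
function crossSiteFrameVerdict(setCookie) {
  const a = parseAttributes(setCookie);
  if (a.samesite === undefined) {
    // August 2020 update: a cookie without SameSite is treated as Lax.
    return { available: false, reason: 'no SameSite attribute, treated as Lax' };
  }
  if (a.samesite !== 'none') {
    // Original answer: the server was adding SameSite automatically.
    return { available: false, reason: `SameSite=${a.samesite} is withheld in cross-site frames` };
  }
  if (!a.secure) {
    return { available: false, reason: 'SameSite=None without Secure is rejected' };
  }
  return { available: true, reason: 'SameSite=None with Secure' };
}

// The corrected cookie: the question's settings plus SameSite=None.
function fixedCookie(name, value) {
  return serializeCookie(name, value, { ...BASE, sameSite: 'None' });
}
```

Running crossSiteFrameVerdict over the Set-Cookie values a server actually emits shows which ones need the explicit SameSite=None; Secure pair before they can be read in the framed page.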