Cookies and SameSite + Secure - ExpressJS

Question

The following warning is being shown in the console, even though I have the following settings on my express application. Has anyone seen this error before? My search brought me to https://github.com/expressjs/express/issues/3095

I am also using express : 4.17.1

let COOKIE_OPTIONS = { httpOnly: true, sameSite: 'None', secure: true };

A cookie associated with a cross-site resource at http://MYURL.URL was set
without the `SameSite` attribute. A future release of Chrome will only deliver 
cookies with cross-site requests if they are set with `SameSite=None` and 
`Secure`. You can review cookies in developer tools under 
Application>Storage>Cookies and see more details at 
https://www.chromestatus.com/feature/5088147346030592 and 
https://www.chromestatus.com/feature/5633521622188032.

When doing a request using Insomnia (Postman) I see the following

access_token=someToken; 
Path=/; 
HttpOnly; 
Secure; 
SameSite=None

Recommended answer

Documentation link: https://www.npmjs.com/package/express-session#cookiesamesite

The below code will solve your issue. This is also recommended going forward.

const express = require('express');
const session = require('express-session');
const app = express();

const sessionConfig = {
  secret: 'MYSECRET',
  name: 'appName',
  resave: false,
  saveUninitialized: false,
  store: store,
  cookie : {
    sameSite: 'strict', // THIS is the config you are looking for.
  }
};

if (process.env.NODE_ENV === 'production') {
  app.set('trust proxy', 1); // trust first proxy
  sessionConfig.cookie.secure = true; // serve secure cookies
}

app.use(session(sessionConfig));

In your case, set sameSite to 'none'

In case you are wondering what is store? I am using my database as storage for all the cookies. It's not relevant to the question asked by OP. Just added as pointed by @klevis in the comment. Here's the code:

const KnexSessionStore = require('connect-session-knex')(session);
const store = new KnexSessionStore({
  tablename: 'session',
  knex: kx,
  createtable: false
});

  • Fixed the issue pointed out by CaptainAdmin.
  • Added the store definition.
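
The rule stated in the Chrome warning above can be checked directly on the Set-Cookie values a server emits. The following is an added example, not code from the question or the answer; the helper names are hypothetical, and every sample header except the first (copied from the question) is constructed.

```javascript
// Added example: audit Set-Cookie values against the rule in the Chrome
// warning (SameSite must be present, and SameSite=None requires Secure).
// parseSetCookie / auditSetCookie are hypothetical helper names.

function parseSetCookie(header) {
  const [pair = '', ...rest] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const attrs = new Map(); // Map avoids prototype keys such as "__proto__"
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive; flags like Secure carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  if (!attrs.has('samesite')) {
    findings.push('missing-samesite'); // the case the Chrome warning reports
  } else if (!['strict', 'lax', 'none'].includes(sameSite)) {
    findings.push('invalid-samesite');
  } else if (sameSite === 'none' && !attrs.has('secure')) {
    findings.push('samesite-none-without-secure'); // Chrome requires Secure with None
  }
  if (!attrs.has('httponly')) findings.push('missing-httponly');
  return { name, findings };
}

// Sample headers: the first is the one shown in the question, the others
// are constructed.
const samples = [
  'access_token=someToken; Path=/; HttpOnly; Secure; SameSite=None',
  'access_token=someToken; Path=/; HttpOnly',
  'appName=s%3Aexample; Path=/; HttpOnly; SameSite=None',
  'appName=s%3Aexample; Path=/; Secure; SameSite=Strict',
];

for (const header of samples) {
  const { name, findings } = auditSetCookie(header);
  console.log(name, findings.length ? findings.join(', ') : 'ok');
}
```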