socket.io sets cross-site cookie without same-site attribute


Problem description

I have a socket.io application and recently I got this warning:

A cookie associated with a cross-site resource at URL was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Apparently it is something that Chrome will be updating in the future: SameSite warning Chrome 77

I already tried this but to no apparent avail: io = io.listen(server, { cookie: false });

I think the cookie doesn't do anything, so how can I disable io from setting it?

Recommended answer

As per the issue reported in Socket.IO's GitHub repo, that cookie is not used for anything; you can disable it by setting cookie: false in the server options.

But what you have missed is setting the {cookie: false} option when initializing the socket, not http.listen. The solution provided below, which uses express as the server, worked for me.

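var express = require('express');
var server = require('http').createServer(express());
// Pass cookie: false when constructing the socket.io server, not to listen()
var io = require('socket.io')(server, { path:"/some/path", cookie: false });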
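
Added example (not part of the original answer or of socket.io): a small JavaScript check that classifies Set-Cookie header values by the rules quoted in the Chrome warning, so you can confirm that the handshake response no longer sets the cookie once cookie: false is applied. The function names are hypothetical and the sample headers are constructed; the "io=...; Path=/; HttpOnly" form is an assumption about what the server sends.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lowercased; valueless attributes (Secure, HttpOnly) become true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq);
  const value = eq === -1 ? '' : first.slice(eq + 1);
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Classify a cookie by the cross-site delivery rules described in the warning.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  let finding;
  if (sameSite === null) finding = 'missing-samesite';            // triggers the warning
  else if (sameSite === 'none' && !secure) finding = 'none-without-secure';
  else if (sameSite === 'none') finding = 'cross-site-ok';
  else if (sameSite === 'lax' || sameSite === 'strict') finding = 'same-site-only';
  else finding = 'invalid-samesite';
  return { name, finding };
}

// Audit a Node-style headers object; res.headers['set-cookie'] is normally an array.
function auditResponse(headers) {
  const raw = headers['set-cookie'] || [];
  return (Array.isArray(raw) ? raw : [raw]).map(auditCookie);
}

// Constructed samples: handshake response headers before and after cookie: false.
const before = { 'set-cookie': ['io=abc123; Path=/; HttpOnly'] };
const after = {};
console.log(auditResponse(before));
console.log(auditResponse(after));
```
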
