如何修复“将 SameSite cookie 设置为无"警告?

2021-12-21 00:00:00 cookies php

我创建了一个 chrome 扩展,并从 popup.js 调用读取 cookie 的 PHP 脚本(使用 Xhttprequest).像这样:

I created a chrome extension and from popup.js I called PHP script (Using Xhttprequest) that reads the cookie. Like this:

$cookie_name = "mycookie";

if(isset($_COOKIE[$cookie_name]))
{
    echo $_COOKIE[$cookie_name];
}
else{
    echo "nocookie";
}

但是我在扩展中的错误时收到此警告.

But I'm getting this warning at errors in extensions.

与 (Here is my domain) 的跨站点资源关联的 cookie 设置为没有 SameSite 属性.如果使用 SameSite=NoneSecure 进行设置,Chrome 的未来版本将仅提供具有跨站点请求的 cookie.您可以在应用程序>存储>Cookies 下的开发人员工具中查看 cookie,并在 https://www.chromestatus 上查看更多详细信息.com/feature/5088147346030592 和 https://www.chromestatus.com/feature/5633521622188032.

A cookie associated with a cross-site resource at (Here is my domain) was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

我尝试创建这样的 cookie,但没有帮助.

I tried to create a cookie like this but it didn't help.

setcookie($cookie_name,$cookie_value, time() + 3600*24, "/;samesite=None ","mydomain.com", 1);

按照这个问题中的说明进行操作.

Following instructions from this question.

推荐答案

我也在反复试验"中为此,但是来自 Google Chrome Labs 的 Github 的这个答案对我有所帮助.我将它定义到我的主文件中并且它工作正常 - 很好,仅适用于一个第三方域.仍在进行测试,但我很想用更好的解决方案更新这个答案:)

I'm also in a "trial and error" for that, but this answer from Google Chrome Labs' Github helped me a little. I defined it into my main file and it worked - well, for only one third-party domain. Still making tests, but I'm eager to update this answer with a better solution :)

我现在使用的是 PHP 7.4,此语法运行良好(2020 年 9 月):

I'm using PHP 7.4 now, and this syntax is working good (Sept 2020):

$cookie_options = array(
  'expires' => time() + 60*60*24*30,
  'path' => '/',
  'domain' => '.domain.com', // leading dot for compatibility or use subdomain
  'secure' => true, // or false
  'httponly' => false, // or false
  'samesite' => 'None' // None || Lax || Strict
);

setcookie('cors-cookie', 'my-site-cookie', $cookie_options);


如果您有 PHP 7.2 或更低版本(正如罗伯特在下面回答的那样):


If you have PHP 7.2 or lower (as Robert's answered below):

setcookie('key', 'value', time()+(7*24*3600), "/; SameSite=None; Secure");

如果您的主机已经更新到 PHP 7.3,您可以使用(感谢 Mahn 的评论):

If your host is already updated to PHP 7.3, you can use (thanks to Mahn's comment):

setcookie('cookieName', 'cookieValue', [
  'expires' => time()+(7*24*3600,
  'path' => '/',
  'domain' => 'domain.com',
  'samesite' => 'None',
  'secure' => true,
  'httponly' => true
]);

您可以尝试检查 cookie 的另一件事是启用下面的标志,用他们自己的话来说,将为可能受此更改影响的每个 cookie 添加控制台警告消息":

Another thing you can try to check the cookies, is to enable the flag below, which—in their own words—"will add console warning messages for every single cookie potentially affected by this change":

chrome://flags/#cookie-deprecation-messages

查看完整代码:https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md,他们也有 same-site-cookies 的代码.

See the whole code at: https://github.com/GoogleChromeLabs/samesite-examples/blob/master/php.md, they have the code for same-site-cookies too.

相关文章