为什么我得到“通过指定其 SameSite 属性来指示是否在跨站点请求中发送 cookie”?

在谷歌 Chrome 浏览器的警告中,谷歌表示:

如果 Cookie 应该以跨站点请求的形式发送,则指定 SameSite = None 和 Secure。

如何使用 express-session正确地完成这项工作?

app.use(
cors({
credentials: true,
origin: ["http://localhost:3000", "https://elated-jackson-28b73e.netlify.app"] //Swap this with the client url
})
);
var sess = {
secret: 'keyboard cat',
cookie: {}
}


if (app.get('env') === 'production') {
app.set('trust proxy', 1) // trust first proxy
sess.cookie.secure = true // serve secure cookies
sess.cookie.sameSite = 'none'
}


app.use(session(sess))
88729 次浏览
小开

you are getting this because you are using a resource from another site and that server is attempting to set a "cookie" but, it does not have the SameSite attribute set, which is being reported in newer versions of browsers.

this (may) also be shown if you are trying to access the server page from local computer (xampp), which generally doesn't has SSL installed;

set the header line in your server page (if in PHP) as below:
header("Set-Cookie: cross-site-cookie=whatever; SameSite=None; Secure");

(remember: this must be solved from the server side.)

小开

i got the same issue when run my code in localhost. The affected resource is _ga, _gid, _utma, _utmz. All of them from unpkg.com and i got marker image leaflet failed request but doesnt affect the page.

since i dont understand what the specific problem so i just delete the affected resource cookies in inspect element and the code will run without notif again.

thought i know if it's better to not answer based by personal experience. just tell me if it's not help at all.

小开

If you are using Google login button or any other identity service add this:

<GoogleLogin onSuccess={() =>()} onError={() => ()} cookiePolicy='single-host-origin'/>

提交答案