SameSite属性在ASP.NET MVC应用程序中的用法

huangapple go评论65阅读模式
英文:

SameSite attribute in asp.net mvc application

问题

我使用 asp.net mvc 开发了一个网站,并使用了一些第三方库。当我在本地运行时,在我的控制台中显示以下消息。

一个与 http://dtscdn.com/ 的跨站资源关联的 Cookie 在没有 SameSite 属性的情况下被设置。Chrome 的一个未来版本将只会在跨站请求中传递带有 SameSite=NoneSecure 属性设置的 Cookie。您可以在开发者工具中的 Application>Storage>Cookies 下查看 Cookie,并在 https://www.chromestatus.com/feature/5088147346030592https://www.chromestatus.com/feature/5633521622188032 查看更多详细信息。

这是什么?为什么会出现这个消息?是否存在安全问题?

英文:

I have developed a website using asp.net mvc and i've used some third party libraries.When i run in locally then it shows me following message in my Console.

>>A cookie associated with a cross-site resource at http://dtscdn.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

What is this ? Why this came ? any security issue ?

答案1

得分: 2

Chrome正在改变cookie的工作方式。您正在使用一种将来会破坏的策略。最新版本的ASP.NET允许您设置一个SameSite=None属性,可以解决这个问题。请参考下面的Microsoft链接以获取所需的useragent和属性设置。

参考链接:https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/
https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite

英文:

Chrome is changing how cookies work. You are using a strategy that will break in the future. Latest version of ASP.NET allows you to set a SameSite=None attribute that would fix this. See the Microsoft link below for the needed useragent and attribute settings.

References: https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/
https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite

huangapple
  • 本文由 发表于 2020年1月7日 02:38:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/59617250.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定