英文:
SameSite attribute in asp.net mvc application
问题
我使用 asp.net mvc 开发了一个网站,并使用了一些第三方库。当我在本地运行时,在我的控制台中显示以下消息。
一个与 http://dtscdn.com/ 的跨站资源关联的 Cookie 在没有
SameSite
属性的情况下被设置。Chrome 的一个未来版本将只会在跨站请求中传递带有SameSite=None
和Secure
属性设置的 Cookie。您可以在开发者工具中的 Application>Storage>Cookies 下查看 Cookie,并在 https://www.chromestatus.com/feature/5088147346030592 和 https://www.chromestatus.com/feature/5633521622188032 查看更多详细信息。
这是什么?为什么会出现这个消息?是否存在安全问题?
英文:
I have developed a website using asp.net mvc and i've used some third party libraries.When i run in locally then it shows me following message in my Console.
>>A cookie associated with a cross-site resource at http://dtscdn.com/ was set without the SameSite
attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None
and Secure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
What is this ? Why this came ? any security issue ?
答案1
得分: 2
Chrome正在改变cookie的工作方式。您正在使用一种将来会破坏的策略。最新版本的ASP.NET允许您设置一个SameSite=None属性,可以解决这个问题。请参考下面的Microsoft链接以获取所需的useragent和属性设置。
参考链接:https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/
https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite
英文:
Chrome is changing how cookies work. You are using a strategy that will break in the future. Latest version of ASP.NET allows you to set a SameSite=None attribute that would fix this. See the Microsoft link below for the needed useragent and attribute settings.
References: https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/
https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论