即使我的express应用程序具有以下设置,控制台中仍会显示以下警告。有没有人看过这个错误?我的搜索将我带到https://github.com/expressjs/express/issues/3095
我也在使用express:4.17.1
let COOKIE_OPTIONS = { httpOnly: true, sameSite: 'None', secure: true };
A cookie associated with a cross-site resource at http://MYURL.URL was set
without the `SameSite` attribute. A future release of Chrome will only deliver
cookies with cross-site requests if they are set with `SameSite=None` and
`Secure`. You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.
使用Insomia(邮递员)进行请求时,我看到以下内容
access_token=someToken;
Path=/;
HttpOnly;
Secure;
SameSite=None
答案 0 :(得分:5)
文档链接:https://www.npmjs.com/package/express-session#cookiesamesite
以下代码将解决您的问题。也建议继续进行。
const express = require('express');
const session = require('express-session');
const app = express();
const sessionConfig = {
secret: 'MYSECRET',
name: 'appName',
resave: false,
saveUninitialized: false,
store: store,
cookie : {
sameSite: 'strict', // THIS is the config you are looing for.
}
};
if (process.env.NODE_ENV === 'production') {
app.set('trust proxy', 1); // trust first proxy
sessionConfig.cookie.secure = true; // serve secure cookies
}
app.use(session(sessionConfig));
根据您的情况,将sameSite
设置为'none'
编辑更新: CaptainAdmin
指出的已修复问题答案 1 :(得分:0)
据我所知,这是关于chrome将来将要实施的警告
Cookie上的samesite选项:从Chrome 80开始,未指定SameSite属性的Cookie会被视为SameSite = Lax,并具有仍会包含在POST请求中的额外行为,以简化现有的过渡网站。
任何其他信息:https://www.chromium.org/updates/same-site
如果要测试网页,本文介绍了如何设置Chrome标记进行测试。如果您的页面停止运行,则必须检查所有请求并查看“ http://”到“ https://”的更新,或检查第三方Cookie
答案 2 :(得分:0)
您可以在不使用任何节点包的情况下设置这些选项.. 仅使用 Express 像这样:
app.get('/', (req,res)=>{
//.....Other Code
res.cookie('cookieName', 'cookieValue', { sameSite: 'none', secure: true})
//.....Other Code
})