A cookie associated with a cross-site resource at http://tetris-back-end.herokuapp.com/ was set without the `SameSite` attribute.
I get this error when trying to set a cookie on the front end. This is how I set my cookie on the back end:
```ts
const sessionOptions: Options = {
  store: new RedisStore({
    client: redis as any,
  }),
  name: "qid",
  secret: String(process.env.SECRET),
  resave: false,
  saveUninitialized: false,
  cookie: {
    httpOnly: process.env.NODE_ENV === "development",
    secure: process.env.NODE_ENV === "production",
    sameSite: "none",
    maxAge: 1000 * 60 * 60 * 24 * 7 * 365, // 7 years
  },
};
```
So sameSite is set to none, but I still get the error.
I did some digging and console-logged the node env in my startup message.
```ts
app.listen(process.env.PORT, () => {
  console.log(message, `NODE ENV: ${process.env.NODE_ENV} ?`);
});
```
It prints `development` locally and `production` in the Heroku logs.
When I set the cookie locally it works, but I get this error:
A cookie associated with a resource at http://localhost/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
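So locally it is the same code (I'm on master and everything is synced). It works when I do this, but because `NODE_ENV === "development"`, it sets secure to false.
What I think is important here is that it does see that I have set SameSite=None locally, but it does not pick it up in production.
Why is the SameSite attribute recognized as set locally, but not in the production build?
Any help would be huge! Thanks!
Answer 0 (score: 0)
I commented out the cookie object in my session options and it worked fine!
I referenced this post, which helped me: Cookie not set with express-session in production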
```ts
const sessionOptions: Options = {
  store: new RedisStore({
    client: redis as any,
  }),
  name: "qid",
  secret: String(process.env.SECRET),
  resave: false,
  saveUninitialized: false,
  // cookie: {
  //   httpOnly: process.env.NODE_ENV === "development",
  //   // secure: process.env.NODE_ENV === "production",
  //   secure: "auto",
  //   sameSite: "none",
  //   maxAge: 1000 * 60 * 60 * 24 * 7 * 365, // 7 years
  // },
};
```
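An added example, not code from the question or the answer: it evaluates the question's `cookie` expressions for each `NODE_ENV`, renders the resulting `Set-Cookie` header, and checks it against the two Chrome conditions quoted above plus a missing `HttpOnly`. The function names, finding labels and session value are assumptions made for illustration, and the header rendering is simplified rather than express-session's own.

```javascript
// Added example; names, labels and the session value are constructed.

// The cookie options from the question, evaluated for a given NODE_ENV.
function questionCookieOptions(nodeEnv) {
  return {
    httpOnly: nodeEnv === "development",
    secure: nodeEnv === "production",
    sameSite: "none",
  };
}

// Simplified Set-Cookie rendering (assumption: attribute order is illustrative).
function renderSetCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`, "Path=/"];
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  if (opts.sameSite) {
    parts.push(`SameSite=${opts.sameSite[0].toUpperCase()}${opts.sameSite.slice(1)}`);
  }
  return parts.join("; ");
}

// Parse the attributes of a Set-Cookie header into a lower-cased map.
function parseAttributes(header) {
  const attrs = {};
  for (const part of header.split(";").slice(1)) {
    const [key, ...rest] = part.trim().split("=");
    if (key) attrs[key.toLowerCase()] = rest.length ? rest.join("=") : true;
  }
  return attrs;
}

// Report the two Chrome conditions quoted in the question, plus missing HttpOnly.
function auditSetCookie(header) {
  const attrs = parseAttributes(header);
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const findings = [];
  if (sameSite === null) findings.push("no-samesite");
  if (sameSite === "none" && !attrs.secure) findings.push("samesite-none-without-secure");
  if (!attrs.httponly) findings.push("no-httponly");
  return findings;
}

function auditEnv(nodeEnv) {
  const opts = questionCookieOptions(nodeEnv);
  return auditSetCookie(renderSetCookie("qid", "constructed-session-id", opts));
}

console.log("development:", auditEnv("development"));
console.log("production:", auditEnv("production"));
console.log("no attributes:", auditSetCookie("qid=constructed-session-id"));
```

The development result reproduces the `SameSite=None` without `Secure` warning seen locally; the production result shows the session cookie going out without `HttpOnly`, because the `httpOnly` expression is true only in development.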