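Firefox error:
Cookie "_myapp_session" will be soon rejected because it has the "sameSite" attribute set to "none" or an invalid value, without the "secure" attribute. To know more about the "sameSite" attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
"To fix this, you will have to add the Secure attribute to your SameSite=None cookies."
How do I add the Secure attribute to a SameSite=None cookie when using Rails 6?
I don't want to add a separate gem to accomplish this. This error appeared randomly, presumably because the browser changed. Does Rails 6 have a native way to fix this? I read this article,
Thanks
Answer 0 (score: 2)
You can configure your session store to use secure cookies in production; just add this to an initializer: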
MyApp::Application.config.session_store :cookie_store, key: '_my_app_session', secure: Rails.env.production?
You probably already have it in config/initializers/session_store.rb.
Documentation and pertinent issue. This will be fixed in Rails 6.1.
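An added example, not part of the original answers: a Rack-style middleware for development or test use that reports any response cookie matching the Firefox warning quoted in the question (SameSite set to None or an unrecognized value, without Secure). SameSiteAudit, the helper names and the report callback are hypothetical names chosen for this illustration.

```ruby
# Added example, not from the original answers. Cookie strings used with it
# are constructed; SameSiteAudit and the helper names are hypothetical.
RECOGNIZED_SAME_SITE = %w[strict lax].freeze

# Split one Set-Cookie value into the cookie name and a lowercase attribute map.
def parse_set_cookie(line)
  pair, *attrs = line.split(";").map(&:strip)
  attributes = attrs.each_with_object({}) do |attr, memo|
    next if attr.empty?
    key, value = attr.split("=", 2)
    memo[key.strip.downcase] = value.to_s.strip
  end
  { name: pair.to_s.split("=", 2).first.to_s, attributes: attributes }
end

# True when SameSite is "None" or an unrecognized value and Secure is absent,
# the condition described in the Firefox message.
def same_site_without_secure?(line)
  attrs = parse_set_cookie(line)[:attributes]
  return false unless attrs.key?("samesite")
  !RECOGNIZED_SAME_SITE.include?(attrs["samesite"].downcase) && !attrs.key?("secure")
end

# Rack response headers carry Set-Cookie as an Array or a newline-joined String.
def flagged_cookies(headers)
  raw = headers.find { |name, _| name.to_s.casecmp?("set-cookie") }&.last
  lines = raw.is_a?(Array) ? raw : raw.to_s.split("\n")
  lines.select { |l| same_site_without_secure?(l) }
       .map { |l| parse_set_cookie(l)[:name] }
end

# Middleware that reports flagged cookies without altering the response.
class SameSiteAudit
  def initialize(app, report: ->(msg) { warn msg })
    @app = app
    @report = report
  end

  def call(env)
    status, headers, body = @app.call(env)
    flagged_cookies(headers).each do |name|
      @report.call("cookie #{name}: SameSite=None/invalid without Secure")
    end
    [status, headers, body]
  end
end
```

In a Rails app it could be enabled with `config.middleware.use SameSiteAudit` in config/environments/development.rb.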
Answer 1 (score: 0)
You need to add the following line in your Rails configuration file:
# Specify cookies SameSite protection level: either :none, :lax, or :strict.
#
# This change is not backwards compatible with earlier Rails versions.
# It's best enabled when your entire app is migrated and stable on 6.1.
Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
Answer 2 (score: 0)
config/application.rb (for details on the cookies_same_site_protection option, see the doc here):
# config/application.rb
# ...
module YouAppName
  class Application < Rails::Application
    # ...
    # Specify cookies SameSite protection level: either :none, :lax, or :strict.
    # This change is not backwards compatible with earlier Rails versions.
    # It's best enabled when your entire app is migrated and stable on 6.1.
    # Was not in Rails 6.0. Default in rails 6.1 is :lax, not :strict
    config.action_dispatch.cookies_same_site_protection = :strict
    # ...
  end
end
This line can also be added to config/environments/development.rb, config/environments/production.rb, or an initializer, depending on your needs.