- Chrome 51 开始,浏览器的 Cookie 新增加了一个SameSite属性,用来防止 CSRF 攻击和用户追踪。
- Chrome升级到80版本后,默认限制了cross-site携带cookie,导致cookie失效,报错如下
A cookie associated with a cross-site resource at http://XXX.XXX.XXX.XXXX/ was set without the `SameSite` attribute.
It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.
解决方案1
在cookie中追加属性 secure; SameSite=None
- 注意:此方案可能由于某些浏览器不支持SameSite属性而使cookie无法正确传递
解决方案2
Chrome访问地址 chrome://flags/
搜索"SameSite",修改配置项如图
本文地址:https://blog.csdn.net/zhoudingding/article/details/107374885
