SameSite警告Chrome 77

自上次更新以来，我的Cookie出现错误，与SameSite属性相关。

Cookies来自第三方开发人员（Fontawesome，jQuery，Google Analytics，Google reCaptcha，Google Fonts等）。

Chrome控制台中的错误是这样的。

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

我是否需要在本地计算机或服务器上做任何事情，或者只是它们应该在库的将来版本中实现的某些功能？

这个控制台警告不是错误或实际问题，Chrome只是在传播有关这一新标准的信息，以提高开发人员的采用率。

它与您的代码无关。这是他们的Web服务器必须支持的东西。

该修补程序的发布日期为2020年2月4日，每个日期：https : //www.chromium.org/updates/same-site

2020年二月：执行首次展示的Chrome 80稳定：SameSite按默认和SameSite =无-需要-安全的行为将开始推出Chrome浏览器80稳定的初始人口有限开始一周的2020 2月17日，不包括美国星期一的总统假期。从最初的有限阶段开始，通过逐步增加部署，我们将密切监视和评估生态系统的影响。

有关完整的Chrome发布时间表，请参见此处。

我通过添加响应标题解决了相同的问题

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

SameSite阻止浏览器发送cookie和跨站点请求。主要目标是减轻跨域信息泄漏的风险。它还提供了一些针对跨站点请求伪造攻击的保护。该标志的可能值为Lax或Strict。

SameSite Cookie 在这里说明

在应用任何选项之前，请先参考此内容。

希望这对您有帮助。

如果在localhost上进行测试，并且无法控制响应头，则可以使用chrome标志禁用它。

访问该网址并禁用它：chrome：// flags /＃same-site-by-default-cookies

我需要禁用它，因为Chrome Canary刚从大约V 82.0.4078.2开始执行此规则，现在它没有设置这些Cookie。

注意：我只会在用于开发的Chrome Canary中将此标志打开。出于Google引入Chrome浏览器的相同原因，最好不要为Chrome浏览器的日常使用打开该标志。

为了详细说明Rahul Mahadik的答案，此方法适用于MVC5 C＃.NET：

AllowSameSiteAttribute.cs

public class AllowSameSiteAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var response = filterContext.RequestContext.HttpContext.Response;

        if(response != null)
        {
            response.AddHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");
            //Add more headers...
        }

        base.OnActionExecuting(filterContext);
    }
}

HomeController.cs

    [AllowSameSite] //For the whole controller
    public class UserController : Controller
    {
    }

要么

    public class UserController : Controller
    {
        [AllowSameSite] //For the method
        public ActionResult Index()
        {
            return View();
        }
    }

通过在脚本标记中添加跨域来修复。

来自：https : //code.jquery.com/

<script
  src="https://code.jquery.com/jquery-3.4.1.min.js"
  integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
  crossorigin="anonymous"></script>

完整性和跨域属性用于子资源完整性（SRI）检查。这使浏览器可以确保第三方服务器上托管的资源未被篡改。每当从第三方源加载库时，建议使用SRI作为最佳实践。在srihash.org上阅读更多内容