
Solve the problem of cross domain invalidation of cookies in the new version of Google Chrome browser

2022-06-26 06:44:00 Like a sunflower~

Google Chrome 80, whose release was scheduled for February 4, 2020, gradually blocks third-party cookies: every cookie without an explicit SameSite attribute is treated as SameSite=Lax ("Cookies default to SameSite=Lax"), and a cookie that sets SameSite=None without the Secure attribute is rejected ("Reject insecure SameSite=None cookies"). The purpose is to cut off Cross Site Request Forgery (CSRF) vulnerabilities at the source.

Solutions

Method 1

Deploy a third-party reverse proxy (for example nginx) in front of the application and have it set the SameSite attribute on the cookies it forwards; this resolves the cross-domain cookie problem (prerequisite: the site must be served over https).

Modify the nginx configuration file:

server {
    listen 443 ssl;
    # certificate (public key) file path
    ssl_certificate /xxx/xxx.pem;
    # certificate private key file path
    ssl_certificate_key  /xxx/xxx.key;
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect default;
        # rewrite the Path attribute of upstream Set-Cookie headers so that
        # "Path=/" becomes "Path=/; secure; SameSite=None"
        proxy_cookie_path / "/; secure; SameSite=None";
        client_max_body_size  1000M;
    }
    ......
}
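The following Python model is an added example and not code from the original post: it encodes the two Chrome 80 rules described above (Lax by default, insecure SameSite=None rejected), emulates the prefix rewrite that nginx's proxy_cookie_path performs on a Set-Cookie header, and then checks whether a cookie issued by the upstream would still be attached to a cross-site request before and after the rewrite. The upstream Set-Cookie value and the request scenarios are constructed samples; the cookie and request model is a simplification of the browser's real logic (for instance it omits Chrome's two-minute "Lax+POST" allowance for cookies that lack the attribute).

```python
"""Model of Chrome 80+ SameSite handling and of nginx's proxy_cookie_path rewrite.

Added example (not the original post's code). The browser model is simplified.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cookie:
    name: str
    value: str
    path: str = "/"
    secure: bool = False
    same_site: Optional[str] = None  # "Strict", "Lax", "None", or None if absent


def parse_set_cookie(header: str) -> Optional[Cookie]:
    """Parse a Set-Cookie header value the way a Chrome 80+ browser would.

    Returns None when the cookie is rejected outright: SameSite=None without Secure.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "path":
            cookie.path = val
        elif key == "secure":
            cookie.secure = True
        elif key == "samesite":
            cookie.same_site = val.capitalize()  # "none" -> "None"
    if cookie.same_site == "None" and not cookie.secure:
        return None  # "Reject insecure SameSite=None cookies"
    return cookie


def is_sent(cookie: Cookie, same_site_request: bool, top_level_navigation: bool,
            method: str, https: bool) -> bool:
    """Decide whether the browser attaches the cookie to a request."""
    if cookie.secure and not https:
        return False  # Secure cookies never travel over plain http
    if same_site_request:
        return True  # Method 2 in the post: one origin behind the proxy -> always first-party
    mode = cookie.same_site or "Lax"  # "Cookies default to SameSite=Lax"
    if mode == "None":
        return True
    if mode == "Strict":
        return False
    # Lax: cross-site only on top-level navigations using a safe method
    return top_level_navigation and method.upper() in ("GET", "HEAD", "OPTIONS", "TRACE")


def proxy_cookie_path(header: str, pattern: str, replacement: str) -> str:
    """Emulate `proxy_cookie_path <pattern> <replacement>` for a plain (non-regex) pattern.

    nginx replaces the matching *prefix* of the Path attribute with the replacement text;
    attributes embedded in the replacement (secure; SameSite=None) simply ride along.
    A Set-Cookie without any Path attribute is left untouched, so the trick does not
    apply to it.
    """
    parts = [p.strip() for p in header.split(";")]
    out = []
    for i, part in enumerate(parts):
        key, sep, val = part.partition("=")
        if i > 0 and sep and key.strip().lower() == "path" and \
                val.lower().startswith(pattern.lower()):
            part = key + "=" + replacement + val[len(pattern):]
        out.append(part)
    return "; ".join(out)


# Constructed sample: what a Java backend on 127.0.0.1:8080 might emit.
UPSTREAM_SET_COOKIE = "JSESSIONID=abc123; Path=/; HttpOnly"
NGINX_REPLACEMENT = "/; secure; SameSite=None"


def scenario() -> dict:
    """Cross-site XHR/fetch POST (not a navigation) carrying the session cookie."""
    before = parse_set_cookie(UPSTREAM_SET_COOKIE)
    rewritten = proxy_cookie_path(UPSTREAM_SET_COOKIE, "/", NGINX_REPLACEMENT)
    after = parse_set_cookie(rewritten)
    return {
        "rewritten_header": rewritten,
        "sent_before_rewrite_https": is_sent(before, False, False, "POST", True),
        "sent_after_rewrite_https": is_sent(after, False, False, "POST", True),
        "sent_after_rewrite_http": is_sent(after, False, False, "POST", False),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Running the script shows the upstream cookie being dropped on the cross-site POST (Lax by default), being sent again once the proxy appends `secure; SameSite=None`, and being dropped once more when the proxied site is plain http, which is exactly why the post lists https as a prerequisite for Method 1.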

Method 2

Put the heterogeneous systems behind one reverse proxy so that they share a single origin (same URL scheme, domain name and port), and let nginx route requests to each system by path; the cookies are then first-party for every system.

The nginx configuration is as follows:

#user  root root;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include  mime.types;
    default_type application/octet-stream;
    sendfile  on;
    keepalive_timeout 65;
    server {
        listen       80;
        server_name  localhost 192.168.1.3;
        # system A is reached under /a/ on the shared origin
        location /a/  {
            proxy_pass         http://192.168.1.1;
            proxy_set_header   Host             $host:$server_port;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size 100m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
        # system B is reached under /b/ on the same origin
        location /b/  {
            proxy_pass         http://192.168.1.2;
            proxy_set_header   Host             $host:$server_port;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            client_max_body_size 100m;
            client_body_buffer_size 128k;
            proxy_connect_timeout 90;
            proxy_send_timeout 300;
            proxy_read_timeout 300;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}

Method 3

For a system served over plain http, change Chrome's security policy via its flags.

1. Open Chrome and enter in the address bar:

chrome://flags/

2. Search for:

SameSite by default cookies

Find the following two items and set both to Disabled:

SameSite by default cookies
Cookies without SameSite must be secure

Note: since the Chrome 91 update (May 26, 2021) these two flags have been removed, so this method no longer works.


Copyright notice
This article was written by [Like a sunflower~]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/177/202206260637017951.html