The SameSite problem with cross-domain cookies in Chrome causes iframe-embedded pages to fail to load
2020-11-07 18:55:23 【Maiyuweng】
Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Reproducing the problem
A system that had always worked normally recently stopped loading its page.
- Preliminary analysis: the system embeds a third-party system's page in an iframe. Copying the iframe's URL and opening it on its own works, which rules out a problem in the third-party system.
- Further test: putting an iframe with the same URL into a brand-new HTML file still fails to load, which rules out a problem in how the current system loads the iframe.
- Locating the problem: opening that new HTML file in Firefox works normally, so the cause is browser compatibility. Current browser: Google Chrome, version 85.0.4183.102 (Official Build) (64-bit).
Opening the browser console shows the API request failing with a 500 error, and the console prints the following warning: (Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute).
Cause analysis
On 4 February 2020 Google released Chrome 80 (schedule: https://www.chromestatus.com/features/schedule), which blocks third-party cookies by default: a cookie that does not specify SameSite is treated as SameSite=Lax (https://www.chromestatus.com/feature/5088147346030592), and a cookie that sets SameSite=None without also being Secure is rejected (https://www.chromestatus.com/feature/5633521622188032).
SameSite exists to stop cookies being sent cross-site, in order to prevent CSRF attacks and user tracking; it closes off CSRF at the source.
For an introduction to the SameSite attribute, see Ruan Yifeng's "Cookie's SameSite attribute".
In the problem above, when the current system accessed the third-party system it carried some cookies along, and those cookies were then intercepted by this SameSite mechanism.
Scenarios that may be affected in Chrome 80 and later:
- API requests where a component returns user-specific data based on the login state of a third-party website
- Deployments served over plain HTTP (local deployments)
Solution
- Open a new tab in Chrome and enter each of the following addresses:
chrome://flags/#same-site-by-default-cookies
chrome://flags/#cookies-without-same-site-must-be-secure
Then set both flags to Disabled.
- Do not use Chrome, or downgrade Chrome to version 79 or below and turn off automatic updates.
- Deploy both systems on the same server so that the cookie is delivered under the same-origin policy via the same IP.
- Buy an SSL certificate, upgrade the HTTP service, switch the API to HTTPS requests, and check that the Set-Cookie response header contains both SameSite=None and Secure.
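To verify the last fix, here is an added audit helper (not code from the original post) that classifies a Set-Cookie header under the Chrome 80 rules described above and shows the hardened form the fourth solution asks for. The cookie names and header strings are constructed sample data; `harden_set_cookie` assumes the API is already served over HTTPS, since Secure cookies are only set on secure connections.

```python
"""Audit Set-Cookie headers against Chrome 80's default SameSite rules.

Rules from the text above:
  - no SameSite attribute      -> treated as SameSite=Lax (not sent to a cross-site iframe)
  - SameSite=None without Secure -> cookie rejected outright
  - SameSite=None; Secure      -> sent in cross-site iframe requests
"""

# Status codes returned by classify_for_cross_site (constructed names for this example)
DEFAULT_LAX = "DEFAULT_LAX"
REJECTED = "REJECTED_NONE_WITHOUT_SECURE"
SENT_CROSS_SITE = "SENT_CROSS_SITE"
NOT_SENT_CROSS_SITE = "NOT_SENT_CROSS_SITE"


def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr=val; Flag' into name, value and a lower-cased attribute map."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def classify_for_cross_site(header: str) -> str:
    """How Chrome 80+ treats this cookie for a request made from inside a cross-site iframe."""
    attrs = parse_set_cookie(header)["attrs"]
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none":
        return SENT_CROSS_SITE if secure else REJECTED
    if samesite in ("lax", "strict"):
        # Lax cookies only accompany top-level navigations; an iframe load is not one.
        return NOT_SENT_CROSS_SITE
    # Missing (or unrecognised) value: Chrome falls back to Lax by default.
    return DEFAULT_LAX


def harden_set_cookie(header: str) -> str:
    """Rewrite the header so the cookie is accepted cross-site: SameSite=None plus Secure."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    kept = [p for p in parts[1:]
            if p.split("=", 1)[0].strip().lower() not in ("samesite", "secure")]
    return "; ".join([parts[0], *kept, "SameSite=None", "Secure"])


def audit(headers: list) -> dict:
    """Map each cookie name to its cross-site status, for a quick pass over a response."""
    return {parse_set_cookie(h)["name"]: classify_for_cross_site(h) for h in headers}


if __name__ == "__main__":
    sample = ["JSESSIONID=abc123; Path=/; HttpOnly", "track=1; SameSite=None"]  # constructed
    for h in sample:
        print(classify_for_cross_site(h), "->", harden_set_cookie(h))
```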
Copyright notice
This article was written by [Maiyuweng]; please include a link to the original when reposting. Thank you.