I used Chrome's site audit tool, Lighthouse, and it has found the following issue on my site:
- Issue type: SameSite cookie
/tr/?id=…(www.facebook.com)
How can I resolve this issue?
Update
Here is what I get in the Issues panel:
Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
-> Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
-> Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.
AFFECTED RESOURCES
2 cookies (Name, Domain & Path):
- _ga, .bootstrapcdn.com/
- cppo, .facebook.com/
1 request:
- ?id=383112278961246&ev=fb_page_view&dl=https%3A%2F…rl=&if=false&ts=1621983787255&sw=1920&sh=1080&at=
Asked May 25, 2021 at 11:10 by Hooman Bahreini; edited May 25, 2021 at 23:12
- Can you look in the Devtools console and share the error message it's referring to? – person_v1.32 Commented May 25, 2021 at 22:59
- @person_v1.32: thanks, I have updated the question. – Hooman Bahreini Commented May 25, 2021 at 23:15
1 Answer
The SameSite cookie attribute essentially tells the browser whether to send the cookie depending on the context of the request. There are three values the SameSite attribute can take: Strict, Lax, and None.
- Strict means that the cookie will be sent on a request only if the user is on the same site as the request.
- Lax means the cookie will also be sent on top-level navigations; i.e. if the user is navigating to the site from another site.
- None will send the cookie on cross-site requests too.
- SameSite=None must also be paired with the Secure attribute, which prevents it from being sent over http:.
For more details, see MDN or SameSite cookies explained (web.dev).
So, if the cookie was set by a server you control, you can fix this issue by explicitly setting the SameSite attribute on the Set-Cookie header.
In your case, it looks like the cookies are set by third-party resources (Bootstrap and Facebook). Because of this, I don't think you will have control over the attributes they set on their cookies. You can look into where those requests are coming from and remove those resources if you don't need them (which is good to do regardless). Otherwise, I wouldn't worry about it too much unless it is causing issues with the function of your site.
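For cookies set by a server you control, the check behind the Issues panel message can be reproduced offline against your own Set-Cookie header values. This is an added example, not code from the question or the answer; the function names parseSetCookie and auditSameSite and the sample headers are constructed for illustration, and the "rejected" outcome reflects Chrome's handling of SameSite=None without Secure.

```javascript
// Added example: audit Set-Cookie header values for the SameSite issue.
// All header strings below are constructed sample input.

// Parse one Set-Cookie header value into a name plus lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : attr.slice(i + 1).trim(); // flag attrs become true
  }
  return cookie;
}

// Report the SameSite mode the browser will actually apply, and any issue.
function auditSameSite(header) {
  const { name, attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  const secure = attrs.secure === true;
  if (raw === "strict" || raw === "lax") {
    return { name, effective: raw, issue: null };
  }
  if (raw === "none") {
    return secure
      ? { name, effective: "none", issue: null }
      : { name, effective: "rejected", issue: "SameSite=None requires Secure" };
  }
  // Attribute absent, valueless, or an unknown value: browser falls back to Lax.
  return { name, effective: "lax", issue: "SameSite missing or invalid; defaults to Lax" };
}

const samples = [
  "sid=abc123; Path=/; HttpOnly",                        // flagged: no SameSite
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  // explicit first-party cookie
  "widget=1; Path=/; SameSite=None",                     // flagged: missing Secure
  "widget=1; Path=/; Secure; SameSite=None",             // valid cross-site cookie
];
for (const h of samples) console.log(auditSameSite(h));
```

Cookies set by third-party resources cannot be corrected this way, since their Set-Cookie headers come from servers you do not control.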