4

I cannot see SameSite=Strict using the built-in developer tools in the "Application" tab.

I added the header code below to my Apache configuration

Header always edit Set-Cookie (.*) "$1;SameSite=Strict"
Header edit Set-Cookie ^(.*)$ $1;SameSite=Strict

Please let me know how to set SameSite=Strict using the settings above.

4

2 Answers

20

For apache2 >= 2.2.4

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict

For apache2 lower than 2.2.4

Header set Set-Cookie HttpOnly;Secure;SameSite=Strict
answered 2019-12-01T17:23:19.207
5

After enabling mod_headers, in my local environment (Apache 2.4), I was able to achieve this by adding a directive like the following to my virtual host:

<ifmodule mod_headers.c>
Header always edit Set-Cookie (.*) "$1; SameSite=strict"
</ifmodule> 

Where is the difference? Why doesn't it work for you? Maybe a "space" is missing after the semicolon?

<ifmodule mod_headers.c>
# always is similar to "onerrors"
        Header always edit Set-Cookie (.*) "$1; SameSite=strict"
# success is similar to http 2xx response code
        Header onsuccess edit Set-Cookie (.*) "$1; SameSite=strict"
# remove duplications (apache sends from both tables always and onsuccess)
        ## https://www.tunetheweb.com/security/http-security-headers/secure-cookies/
        #Strip off double SameSite=strict settings as using above you can sometimes get both
        Header edit Set-Cookie ^(.*);\s?SameSite=strict;?\s?(.*);\s?SameSite=strict;?\s?(.*)$ "$1; $2; $3; SameSite=strict"

        #Strip off double ;; settings
        Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"

</ifmodule>

[Apache manual](https://httpd.apache.org/docs/2.2/de/mod/mod_headers.html)

Stack discussion: httpd duplicating Access-Control-Allow-Origin with "Header always set"

answered 2019-03-12T09:21:24.830
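
An added example, not part of either answer: a small Python check for the Set-Cookie values a server actually returns, flagging missing or duplicated SameSite/Secure/HttpOnly attributes and stray `;;`, which are the outcomes the two answers above deal with. `apply_edit` is a hypothetical helper that only approximates `Header edit` with Python's `re` (first match only), and the cookie strings are constructed samples.

```python
import re

# Attributes the answers above append to every cookie.
REQUIRED = ("samesite", "secure", "httponly")

def apply_edit(value, pattern, replacement):
    """Approximate `Header edit Set-Cookie <pattern> <replacement>` (first match only)."""
    # Apache writes backreferences as $1; Python's re expects \1.
    return re.sub(pattern, replacement.replace("$", "\\"), value, count=1)

def parse_attrs(value):
    """Return the attributes after the name=value pair as (name, value) tuples."""
    attrs = []
    for part in value.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs.append((key.strip().lower(), val.strip() or None))
    return attrs

def audit(value):
    """Return a sorted list of findings for one Set-Cookie header value."""
    attrs = parse_attrs(value)
    names = [k for k, _ in attrs]
    findings = []
    for req in REQUIRED:
        count = names.count(req)
        if count == 0:
            findings.append(f"missing {req}")
        elif count > 1:
            findings.append(f"duplicate {req}")
    if "" in names:  # an empty segment means the header contains ";;"
        findings.append("empty attribute (';;')")
    samesite = [v for k, v in attrs if k == "samesite"]
    if samesite and (samesite[0] or "").lower() != "strict":
        findings.append(f"samesite is {samesite[0]!r}, expected Strict")
    return sorted(findings)

if __name__ == "__main__":
    raw = "SID=abc123; Path=/"  # constructed sample cookie
    once = apply_edit(raw, r"^(.*)$", "$1;HttpOnly;Secure;SameSite=Strict")
    # Same edit applied twice, as when both the always and onsuccess rules fire.
    twice = apply_edit(apply_edit(raw, "(.*)", "$1; SameSite=strict"),
                       "(.*)", "$1; SameSite=strict")
    for header in (raw, once, twice, "SID=abc123; Path=/;; SameSite=Lax"):
        print(f"{header!r}: {audit(header) or 'ok'}")
```

To check a live site, pass `audit` the Set-Cookie values copied from the response headers in the browser's Network tab or from `curl -I` output.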