我使用 mod_rewrite 设置一些 cookie,然后将用户重定向到目标 url。由于这些 cookie 在第三方环境中使用,我必须设置标志 SameSite=none。我试图通过 mod_headers 编辑 Set-Cookie 标头,但我没有让它工作。
我的 Apache 配置:
<VirtualHost *:80>
ServerName www.example.test
RewriteEngine on
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie1:1:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ /test/$1 [CO=cookie2:$1:.example.test:86400:/:true:true]
RewriteRule ^/test/(.*)$ http://www.example.test/test2/$1 [R,L]
Header always edit Set-Cookie ^(.*)$ "$1; SameSite=none"
Header always set X-Foo "bar"
Header always edit X-Foo ^(.*)$ "$1; SameSite=none"
</VirtualHost>
我的测试要求:
Connecting to 127.0.0.1:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 302 Found
Date: Tue, 04 Feb 2020 09:12:23 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.2.27
X-Foo: bar; SameSite=none
Set-Cookie: cookie1=1; path=/; domain=.example.test; expires=Sat, 04-Apr-2020 09:12:23 GMT; secure; HttpOnly
Set-Cookie: cookie2=0815; path=/; domain=.example.test; expires=Sat, 04-Apr-2020 09:12:23 GMT; secure; HttpOnly
Location: http://www.example.test/test2/0815
Content-Length: 218
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Cookie coming from 127.0.0.1 attempted to set domain to 127.0.0.1
Location: http://www.example.test/test2/0815
为什么编辑了 X-Foo 标头,但没有编辑 Set-Cookie 标头?