I am trying to set the SameSite attribute with JavaScript on my website. The code is
<script type="text/javascript">
document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;HttpOnly;SameSite=Lax";
</script>
The cookie is being set, but the SameSite attribute is not. Any idea where I am going wrong?
Thanks
Solution:
This attribute can only be set by the server (like HttpOnly), in a response cookie sent to the browser. If you think about what it is for (telling the browser to send the cookie only with same-origin requests, to prevent CSRF), it would make no sense to allow client-side code to set it.
SameSite cookies let servers require that a cookie shouldn't be sent with cross-site requests, which somewhat protects against cross-site request forgery attacks (CSRF). SameSite cookies are still experimental and not yet supported by all browsers.
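As an added example that is not part of the question or the answer above: the attribute the document.cookie setter refuses is HttpOnly, not SameSite. RFC 6265 section 5.3 says a cookie received from a non-HTTP API (such as document.cookie) with the HttpOnly flag is ignored entirely, while browsers that implement SameSite do accept it from script. The helpers below (the names buildClientCookie, parseCookieString and clientSettableProblems are my own, not from any library) build a cookie string that the setter will accept, parse one back into its attributes, and report why a given string, including the one from the question, may not round-trip through document.cookie as written. The code runs under Node; in a browser you would assign the returned string to document.cookie.

```javascript
// Added example, not code from the original post. Assumed helper names:
// buildClientCookie, parseCookieString, clientSettableProblems.

const SAMESITE_VALUES = new Set(["strict", "lax", "none"]);

// Build a cookie string for document.cookie with an explicit SameSite value.
// Rejects combinations the browser's document.cookie setter will not store:
//   - HttpOnly: script cannot set it, and the whole cookie string is dropped
//   - SameSite=None without Secure: rejected by current browsers
function buildClientCookie(name, value, opts = {}) {
  const {
    sameSite = "Lax", secure = false, path = "/", maxAge, expires, httpOnly = false,
  } = opts;
  if (httpOnly) throw new Error("HttpOnly cannot be set from document.cookie");
  if (!SAMESITE_VALUES.has(String(sameSite).toLowerCase())) {
    throw new Error(`invalid SameSite value: ${sameSite}`);
  }
  if (String(sameSite).toLowerCase() === "none" && !secure) {
    throw new Error("SameSite=None requires Secure");
  }
  if (/[;=\s]/.test(name)) {
    throw new Error("cookie name must not contain ';', '=' or whitespace");
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `path=${path}`, `SameSite=${sameSite}`];
  if (expires instanceof Date) parts.push(`expires=${expires.toUTCString()}`);
  if (Number.isInteger(maxAge)) parts.push(`max-age=${maxAge}`);
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Parse a cookie string of the shape used with document.cookie / Set-Cookie
// into { name, value, attrs }. Attribute names are lower-cased for lookup;
// flag attributes (Secure, HttpOnly) map to true.
function parseCookieString(str) {
  const [pair, ...rest] = str.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1);
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return { name, value, attrs };
}

// Report reasons why a cookie string may not be stored by document.cookie
// as written, or may not carry the SameSite policy the author intended.
function clientSettableProblems(str) {
  const { attrs } = parseCookieString(str);
  const problems = [];
  if (attrs.httponly) {
    problems.push("HttpOnly present: the document.cookie setter ignores the entire cookie");
  }
  const sameSite = attrs.samesite === undefined ? undefined : String(attrs.samesite).toLowerCase();
  if (sameSite === undefined) {
    problems.push("no SameSite attribute: the browser applies its own default");
  } else if (!SAMESITE_VALUES.has(sameSite)) {
    problems.push(`unrecognized SameSite value: ${attrs.samesite}`);
  }
  if (sameSite === "none" && !attrs.secure) {
    problems.push("SameSite=None without Secure is rejected by current browsers");
  }
  return problems;
}

// The string from the question (constructed input, copied from the post).
const questionCookie =
  "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;HttpOnly;SameSite=Lax";
console.log(clientSettableProblems(questionCookie));
console.log(buildClientCookie("AC-C", "ac-c", { sameSite: "Lax", secure: true, maxAge: 3600 }));
```

Running the block prints the single problem with the question's string (HttpOnly) and a corrected string that keeps SameSite=Lax, adds Secure and uses a bounded max-age instead of a year-9999 expiry.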