apache - How to set SameSite cookie attribute using Apache configuration?

I am not able to see SameSite=Strict using builtin developer tools in the “Application” tab.

I have added the Header code below to the Apache configuration:

Header always edit Set-Cookie (.*) "$1;SameSite=Strict"
Header edit Set-Cookie ^(.*)$ $1;SameSite=Strict

Please let me know how to set SameSite=Strict using above settings.

  ask by Abhishek Habbu translate from so

1 Reply

In my local environment (Apache 2.4), after enabling mod_headers, I was able to achieve this by adding directives like the ones below in my vhost:

<IfModule mod_headers.c>
Header always edit Set-Cookie (.*) "$1; SameSite=strict"
</IfModule>

Where is the difference?

Why didn't it work for you?

Maybe it's the lack of a "space" after the semicolon?

<IfModule mod_headers.c>
        # always is similar to "onerrors"
        Header always edit Set-Cookie (.*) "$1; SameSite=strict"
        # success is similar to http 2xx response code
        Header onsuccess edit Set-Cookie (.*) "$1; SameSite=strict"
        # remove duplications (apache sends from both tables always and onsuccess)
        ## https://www.tunetheweb.com/security/http-security-headers/secure-cookies/
        # Strip off double SameSite=strict settings as using above you can sometimes get both
        Header edit Set-Cookie ^(.*);\s?SameSite=strict;?\s?(.*);\s?SameSite=strict;?\s?(.*)$ "$1; $2; $3; SameSite=strict"

        # Strip off double ;; settings
        Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"
</IfModule>

[apache manual](https://httpd.apache.org/docs/2.2/de/mod/mod_headers.html)

[stack discussion] (httpd duplicate Access-Control-Allow-Origin with "Header always set")
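
A way to check the outcome offline, added here as an example that is not part of the original answer: this Python sketch models `Header edit` as a single first-match substitution, applies the answer's rules to constructed `Set-Cookie` values, and reports cookies whose SameSite attribute is missing or duplicated. The function names and the sample headers are hypothetical, and the model is a simplification of mod_headers, not its code.

```python
import re

# Rules from the answer, with "$1" written as r"\1" and optional whitespace as \s?.
APPEND = (re.compile(r"(.*)"), r"\1; SameSite=strict")
DEDUP = (re.compile(r"^(.*);\s?SameSite=strict;?\s?(.*);\s?SameSite=strict;?\s?(.*)$"),
         r"\1; \2; \3; SameSite=strict")
SEMIS = (re.compile(r"^(.*);\s?;\s?(.*)$"), r"\1; \2")

# Constructed sample response headers (not captured from a real server).
SAMPLE = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: sid=abc; Path=/; HttpOnly",
    "Set-Cookie: theme=dark; Path=/; SameSite=strict",
    "Set-Cookie: cart=42; Path=/; SameSite=strict; SameSite=strict",
]


def header_edit(value, rule):
    """Simplified model of `Header edit`: rewrite the first regex match only."""
    pattern, replacement = rule
    return pattern.sub(replacement, value, count=1)


def cleanup(value):
    """Apply the two clean-up rules in the order the answer lists them."""
    return header_edit(header_edit(value, DEDUP), SEMIS)


def samesite_values(set_cookie):
    """Return every SameSite value found among the cookie's attributes."""
    attributes = [part.strip() for part in set_cookie.split(";")[1:]]
    return [a.split("=", 1)[1].strip() for a in attributes
            if a.lower().startswith("samesite=")]


def audit(header_lines):
    """Map cookie name to 'missing', 'ok' or 'duplicate' for each Set-Cookie line."""
    report = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        count = len(samesite_values(value))
        status = "missing" if count == 0 else "ok" if count == 1 else "duplicate"
        report[value.split("=", 1)[0].strip()] = status
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(cleanup("cart=42; Path=/; SameSite=strict; SameSite=strict"))
```

In this model the clean-up pass reduces the duplicated `cart` value to a single SameSite attribute but leaves one empty `; ;` segment behind, because the double-semicolon rule runs only once per header value.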

