nullpe1994 / pokemon_card


cookie samesite #84

Open torabit opened 3 years ago

torabit commented 3 years ago

Please set the SameSite attribute to None.

1. Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute

   Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

   Resolve this issue by updating the attributes of the cookie:

   - Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
   - Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests.

   AFFECTED RESOURCES: 1 cookie

   | Name | Domain & Path |
   | -- | -- |
   | AWSALB | www.pokemon-card.com/ |

2. Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute

   Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

   Resolve this issue by updating the attributes of the cookie:

   - Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
   - Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.

   AFFECTED RESOURCES: 10 cookies

   | Name | Domain & Path |
   | -- | -- |
   | _ga | .pokemon-card.com/ |
   | _gcl_au | .pokemon-card.com/ |
   | __lt__cid | .www.pokemon-card.com/ |
   | _ts_yjad | .pokemon-card.com/ |
   | _gid | .pokemon-card.com/ |
   | __SID | www.pokemon-card.com/ |
   | __utma | .pokemon-card.com/ |
   | __utmc | .pokemon-card.com/ |
   | __utmz | .pokemon-card.com/ |
   | AWSALB | www.pokemon-card.com/ |

Reference articles
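As an added example (not code from the pokemon_card project), a small Python checker that applies the two DevTools rules quoted in the report to `Set-Cookie` headers, plus a helper that emits a header a browser will accept in a cross-site context. The cookie values are constructed placeholders; only the cookie names and domain come from the report.

```python
"""Audit Set-Cookie headers for the SameSite issues reported by DevTools."""
from dataclasses import dataclass, field

VALID_SAMESITE = {"strict", "lax", "none"}


@dataclass
class Cookie:
    name: str
    attrs: dict = field(default_factory=dict)  # lower-cased attribute -> value


def parse_set_cookie(header: str) -> Cookie:
    """Split one Set-Cookie header into the cookie name and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    cookie = Cookie(parts[0].split("=", 1)[0])
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        cookie.attrs[key.lower()] = value.strip()
    return cookie


def audit_set_cookie(header: str) -> list[str]:
    """Return the DevTools-style warnings that apply to one Set-Cookie header."""
    cookie = parse_set_cookie(header)
    findings = []
    samesite = cookie.attrs.get("samesite", "").lower()
    if samesite not in VALID_SAMESITE:
        # Missing or invalid: the browser treats it as Lax, so the cookie is
        # neither set nor sent in a cross-site context.
        findings.append(f"{cookie.name}: SameSite missing or invalid, defaults to Lax")
    elif samesite == "none" and "secure" not in cookie.attrs:
        # None is only honoured together with Secure, which needs HTTPS.
        findings.append(f"{cookie.name}: SameSite=None requires Secure")
    return findings


def cross_site_set_cookie(name: str, value: str) -> str:
    """Build a header that satisfies both rules for cross-site use."""
    return f"{name}={value}; Path=/; Secure; SameSite=None"


# Constructed sample headers; the values are placeholders, not real cookies.
SAMPLE_HEADERS = [
    "AWSALB=abc123; Path=/",
    "_ga=GA1.2.1; Domain=.pokemon-card.com; Path=/; SameSite=None",
    cross_site_set_cookie("__SID", "s3ss10n"),
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", audit_set_cookie(h) or ["ok"])
```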

nullpe1994 commented 3 years ago

https://teratail.com/questions/288630 This looks like it should work.

nullpe1994 commented 3 years ago

https://www.fixes.pub/program/36617.html Or this one.

nullpe1994 commented 3 years ago

https://www.ecbeing.net/contents/detail/235 It looks like we have to use HTTPS in order to set None on the cookie.

nullpe1994 commented 3 years ago


Note: on Windows it looks like this might work even without issuing a certificate? https://www.aruse.net/entry/2019/03/30/123348

nullpe1994 commented 3 years ago


Adding the attribute to the cookie worked with this. https://note.com/gotokatsuya/n/n4a54c4f790c5