Firefox 错误:
Cookie“_myapp_session”很快就会被拒绝,因为它有 “sameSite”属性设置为“none”或无效值,没有 “安全”属性。要了解有关“sameSite”属性的更多信息,请阅读 https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
“要解决此问题,您必须将 Secure 属性添加到 SameSite=None cookie。”
在使用 Rails 6 时,如何将安全属性添加到我的 SameSite=None cookie 中?
我不想添加单独的 gem 来完成此操作。此错误随机出现,我认为是浏览器更改。 rails 6 有本地方法来解决这个问题吗?我看了这篇文章,
谢谢
【问题讨论】:
标签: ruby-on-rails ruby-on-rails-6
您可以将会话存储配置为在生产中使用安全 cookie,只需将其添加到初始化程序:
MyApp::Application.config.session_store :cookie_store, key: '_my_app_session', secure: Rails.env.production?
您可能已经在config/initializers/session_store.rb 上拥有它。
Documentation 和 pertinent issue。这将在 Rails 6.1 中修复。
【讨论】:
您需要在 Rails 配置文件中添加这一行:
# Specify cookies SameSite protection level: either :none, :lax, or :strict.
#
# This change is not backwards compatible with earlier Rails versions.
# It's best enabled when your entire app is migrated and stable on 6.1.
Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
【讨论】:
config/application.rb(有关cookies_same_site_protection 选项的详细信息,请参阅the doc here):# config/application.rb
...
module YouAppName
class Application < Rails::Application
...
# Specify cookies SameSite protection level: either :none, :lax, or :strict.
# This change is not backwards compatible with earlier Rails versions.
# It's best enabled when your entire app is migrated and stable on 6.1.
# Was not in Rails 6.0. Default in rails 6.1 is :lax, not :strict
config.action_dispatch.cookies_same_site_protection = :strict
...
end
end
此行也可以添加到config/environments/development.rb、config/environments/production.rb 或根据您的需要添加到初始化程序中。
【讨论】: