Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

context.Response.SameSite = None 请求无效 #175

Open
senioi opened this issue Jun 5, 2022 · 5 comments
Open

context.Response.SameSite = None 请求无效 #175

senioi opened this issue Jun 5, 2022 · 5 comments

Comments

@senioi
Copy link

senioi commented Jun 5, 2022

在设置cookie函数里面,无法自定义的设置SameSite这个参数,
只能通过
context.Response.SameSite = SameSiteType.None;
进行设置,但是SameSiteType.None构造的请求是
"SessionId=1234567;Path=/;Domain=some.com;Expires=Thu, 30 Jun 2022 18:41:16 GMT;HttpOnly;SameSite=None"
收到浏览器错误提示如下:
image
如果设置
context.Response.SameSite = SameSiteType.None;
image

SameSite=None
必须这样浏览器才认
SameSite=None; Secure

image

@beetlex-io
Copy link
Owner

刚更新了版本,把这个一同添加了
Response.CookieSecure有这个属性设置

@senioi
Copy link
Author

senioi commented Jun 8, 2022

CookieSecure

感谢大佬回复,目前还有个问题,
AllowCredentials = "true" 目前FastHttpApi只回复OPTIONS请求,而POST或者GET(允许的请求)没有附带这个头
image
如果再次POST的时候,会收到如下提示:
image
这个错误是服务器没返回AllowCredentials = "true" ,应该是所有请求都要包含这个

@beetlex-io
Copy link
Owner

beetlex-io commented Jun 8, 2022

在控制上标记OptionsAttribute属性,在get或post请求时会输出的

@beetlex-io
Copy link
Owner

继承OptionsAttribute类重写SetResponse,自己把内容加到输出头上
以下是默认实现

        public virtual void SetResponse(HttpRequest request, HttpResponse response)
        {
            HttpApiServer server = request.Server;
            if (server.EnableLog(EventArgs.LogType.Debug))
                server.Log(EventArgs.LogType.Debug, request.Session, $"{request.RemoteIPAddress} {request.Method} {request.Url} set options");
            response.Header["Access-Control-Allow-Origin"] = AllowOrigin;
        }

@senioi
Copy link
Author

senioi commented Jun 8, 2022

onsAttribute类重写SetResponse,自己把内容加到输出头上
以下是默认实现

感谢大佬给出解决方案,希望大佬下次有空的时候更新下AllowCredentials = "true" ,在除了"OPTIONS"之外的请求附带这个头(如果设置了的话)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants