-
-
Notifications
You must be signed in to change notification settings - Fork 175
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
context.Response.SameSite = None 请求无效 #175
Comments
刚更新了版本,把这个一同添加了 |
在控制上标记OptionsAttribute属性,在get或post请求时会输出的 |
继承OptionsAttribute类重写SetResponse,自己把内容加到输出头上 public virtual void SetResponse(HttpRequest request, HttpResponse response)
{
HttpApiServer server = request.Server;
if (server.EnableLog(EventArgs.LogType.Debug))
server.Log(EventArgs.LogType.Debug, request.Session, $"{request.RemoteIPAddress} {request.Method} {request.Url} set options");
response.Header["Access-Control-Allow-Origin"] = AllowOrigin;
} |
感谢大佬给出解决方案,希望大佬下次有空的时候更新下AllowCredentials = "true" ,在除了"OPTIONS"之外的请求附带这个头(如果设置了的话) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
在设置cookie函数里面,无法自定义的设置SameSite这个参数,
只能通过
context.Response.SameSite = SameSiteType.None;
进行设置,但是SameSiteType.None构造的请求是
"SessionId=1234567;Path=/;Domain=some.com;Expires=Thu, 30 Jun 2022 18:41:16 GMT;HttpOnly;SameSite=None"
收到浏览器错误提示如下:
如果设置
context.Response.SameSite = SameSiteType.None;
SameSite=None
必须这样浏览器才认
SameSite=None; Secure
The text was updated successfully, but these errors were encountered: