[英]Play Framework version 2.6/2.7 set PLAY_SESSION cookie to SameSite=None; Secure
There's many posts confirming that play supports the SameSite=None; Secure
有很多帖子确认 play 支持SameSite=None; Secure
SameSite=None; Secure
requirement. SameSite=None; Secure
要求。 However when configuring the session through config like this:但是,当通过这样的配置配置会话时:
...
play.http.session.httpOnly=true
play.http.session.sameSite="None"
play.http.session.secure=true
...
Chrome tells me that None is not getting set. Chrome 告诉我 None 没有设置。 See below:见下文:
To validate I'm on the right back-ported version(2.6.24) I implemented a filter to set other cookies I have control over and when I construct a cookie manually like this:为了验证我使用的是正确的向后移植版本 (2.6.24),我实现了一个过滤器来设置我可以控制的其他 cookie,以及当我像这样手动构建 cookie 时:
Cookie(
key,
value,
secure = true,
sameSite = Some(Cookie.SameSite.None)
)
Chrome will show that SameSite=None; Secure
Chrome 会显示SameSite=None; Secure
SameSite=None; Secure
does get set on those cookies. SameSite=None; Secure
确实在这些 cookie 上设置。 Which makes me think there's something with the config implementation that is not understanding None
the play docs indicate you can only pass Strict
or Lax
as well but I was hoping that was just a documentation error.这让我觉得配置实现有一些不理解的东西None
播放文档表明您也只能通过Strict
或Lax
,但我希望这只是一个文档错误。
EDIT: Confirmed cbley answer 2.6.25 works see below screen shot编辑:确认 cbley 回答 2.6.25 作品见下面的屏幕截图
这在 Play 版本 2.6.25 和 2.7.5 中已修复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.