Chrome 80 SameSite cookie policy (2020.2.4)

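Quick summary

Chrome's policy has changed: the default for handling SameSite was changed (cookies are now expected to be same-site).

(samesite=None => samesite=lax)

Temporary workaround (this is risky: use it only during development, then put the setting back)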

 

In Chrome, open the URL below:
chrome://flags/#same-site-by-default-cookies

Set "SameSite by default cookies" to Disabled (same-site-by-default-cookies),

then click Relaunch.
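
What the new default means for a cookie the backend sets, as an added example that is not from the original post: a simplified Python model of Chrome 80+ handling, including the "SameSite=None; Secure" requirement described in the references below. The cookie strings and function names are constructed for illustration, and every request is assumed to use HTTPS.

```python
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

# Constructed sample Set-Cookie values (not taken from the post).
LEGACY = "session=abc123; Path=/; HttpOnly"
NONE_INSECURE = "session=abc123; Path=/; HttpOnly; SameSite=None"
FIXED = "session=abc123; Path=/; HttpOnly; Secure; SameSite=None"


def effective_samesite(set_cookie: str) -> str:
    """Mode a Chrome 80+ style browser applies: strict, lax, none or rejected."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        raise ValueError("no cookie found in header value")
    morsel = next(iter(jar.values()))
    mode = (morsel["samesite"] or "").lower()
    if mode not in ("strict", "lax", "none"):
        return "lax"  # attribute missing or unrecognized: the new default
    if mode == "none" and not morsel["secure"]:
        return "rejected"  # SameSite=None is only accepted together with Secure
    return mode


def sent_with(set_cookie: str, cross_site: bool,
              top_level_nav: bool = False, method: str = "GET") -> bool:
    """Would the cookie be attached to this request? (simplified model)"""
    mode = effective_samesite(set_cookie)
    if mode == "rejected":
        return False  # never stored, so never sent
    if not cross_site or mode == "none":
        return True
    if mode == "lax":
        # Cross-site: only top-level navigations using a safe method.
        return top_level_nav and method.upper() in SAFE_METHODS
    return False  # strict: never on cross-site requests


if __name__ == "__main__":
    for name, header in [("legacy", LEGACY), ("none, no Secure", NONE_INSECURE),
                         ("none + Secure", FIXED)]:
        print(f"{name:16} mode={effective_samesite(header):8} "
              f"cross-site fetch={sent_with(header, cross_site=True)} "
              f"link click={sent_with(header, cross_site=True, top_level_nav=True)}")
```

A cookie that really has to travel cross-site should be issued in the third form over HTTPS, which keeps working with the flag left at its default.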

 

The link below explains the issue in detail(?).

https://stackoverflow.com/questions/63010545/issue-with-cross-site-cookies-how-to-set-cookie-from-backend-to-frontend

 

issue with cross-site cookies: how to set cookie from backend to frontend


References

https://www.yceffort.kr/2020/01/chrome-cookie-same-site-secure/

 

Chrome SameSite cookie policy


https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

 

Developers: Get Ready for New SameSite=None; Secure Cookie Settings


https://github.com/GoogleChromeLabs/samesite-examples

 

GoogleChromeLabs/samesite-examples


 

https://web.dev/samesite-cookies-explained/

 

SameSite cookies explained


https://www.chromestatus.com/feature/5088147346030592

 

Cookies default to SameSite=Lax - Chrome Platform Status


https://blog.heroku.com/chrome-changes-samesite-cookie

https://www.netsparker.com/blog/web-security/same-site-cookies-by-default/

 

SameSite Cookies by Default in Chrome 76 and Above
