Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
767 views
in Technique[技术] by (71.8m points)

c# - How to set SameSite cookie attribute to explicit None ASP NET Core

Chrome 76 will begin to support an explicit SameSite: None attribute

https://web.dev/samesite-cookies-explained/

I found that the current implementation of ASP.NET Core treats SameSiteMode.None as a no-op and does not send any attribute. How can I add a custom attribute to a cookie and thereby add an explicit SameSite: None to the cookie text?

Appending the attribute to the cookie value does not work as HttpResponse.Cookies.Append url-encodes the cookie value.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Same issue occurs in ASP.NET as in ASP.NET Core.

Until Microsoft produce a fix, a hack that's working for me is to replace

myCookie.Path = "/";
myCookie.SameSite = SameSiteMode.None;     // has no effect

with

myCookie.Path = "/; SameSite=None";

This adds SameSite=None to the set-cookie header in the HTTP response.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...