<p><strong>快速概览</strong>:
我在域名1打开我的网站。在页面内部,我加载了一个带有url的iframe<em><strong>http://domain2/...</strong></em></p>
<p>我一直在chrome上收到这个警告,它影响了我的网站:</p>
<blockquote>
<p>A cookie associated with a cross-site resource at <em><strong>http://domain2</strong></em> was set without the <code>SameSite</code> attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with <code>SameSite=None</code> and <code>Secure</code>. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <a href="https://www.chromestatus.com/feature/5088147346030592" rel="nofollow noreferrer">https://www.chromestatus.com/feature/5088147346030592</a> and <a href="https://www.chromestatus.com/feature/5633521622188032" rel="nofollow noreferrer">https://www.chromestatus.com/feature/5633521622188032</a>.</p>
</blockquote>
<p>我以前从未设置过cookie,所以我不知道cookie应该从哪里设置。我已经尝试在我的<em><strong>域2</strong></em>nginx配置中设置<code>proxy_cookie_path</code>,但似乎不起作用:</p>
<pre><code>location / {
proxy_cookie_path / "/; SameSite=None; Secure";
}
</code></pre>
<p>我还尝试添加了<code>Set-Cookie</code>头,这似乎也不起作用:</p>
<pre><code>location / {
...
add_header 'Set-Cookie' 'SameSite=None; Secure';
}
</code></pre>
<p>当我尝试第二种解决方案时,似乎从chrome上的响应中收到了标题,但chrome给出了以下警告:</p>
<p><a href="https://i.stack.imgur.com/uxBRd.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/uxBRd.png" alt="enter image description here"/></a></p>
<p>请注意,<em><strong>域2</strong></em>也是我们的域,它有一个使用Flask框架的python后端。那么,我应该从python代码或javascript前端添加cookie吗</p>
<p>这真的令人沮丧</p>