跨域黄色提示forum.php:1 A cookie associated with a cross

跨域黄色提示forum.php:1 A cookie associated with a cross

跨域黄色提示forum.php:1 A cookie associated with a cross-site resource at / was set

 我们有个站最近打开比较慢一直在处理木马问题和研究其他问题，这个问题也是顺便看到。

只要加载就会有这4段

forum.php:1 A cookie associated with a cross-site resource at / was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
forum.php:1 A cookie associated with a cross-site resource at / was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
forum.php:1 A cookie associated with a cross-site resource at / was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .
forum.php:1 A cookie associated with a cross-site resource at / was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .

上面提示有baidu 想得通加了有百度统计，发现有提示360，打开application  查看cookies 发现有360统计后台去找才发现很早之前 百度和360 统计放在一起添加的

SameSite 属性

Cookie 的SameSite属性用来限制第三方 Cookie，从而减少安全风险。

有以下解决方案：

第一、在head头部加入

<?php header("Set-Cookie: key=value; path=/; domain=*.xxxx; Secure; SameSite=None"); ?>

第二、在cookie中追加属性 SameSite=None

在cookie中追加属性 SameSite=None

http {...map $http_user_agent $samesite_attr {"~*chrome"    ';Secure;SameSite=None';}...server {location / {...            proxy_cookie_path ~/(.*) "/$1$samesite_attr";}}
}

如果有加cdn 直接在服务商处

在响应头中设置 Set-Cookie 取值 SameSite=None 和 Secure

第三、修改谷歌浏览器配置

Chrome访问地址 chrome://flags/
搜索"SameSite"，修改为disable