SameSite=None .htaccess 正则表达式问题
Posted
技术标签:
【中文标题】SameSite=None .htaccess 正则表达式问题【英文标题】:SameSite=None .htaccess regex issue 【发布时间】:2020-05-30 23:56:57 【问题描述】:最新的 Chrome 更新要求将跨域 cookie 明确设置为 SameSite=None。 .htaccess 的以下正则表达式适用于 OSX 10.14 Safari 13.0.5 除外。 (此浏览器存在 SameSite=None 的错误),必须忽略。
<If "%HTTP_USER_AGENT !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari)/i">
Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure</If>
有谁知道如何修改上面的正则表达式以排除 Osx 10.14 Safari 版本?
此外,任何人都可以将所有其他不兼容的客户端组合到上面的正则表达式中 - 修复 SameSite=None 问题的单个正则表达式对每个人来说都是惊人的!谢谢
https://www.chromium.org/updates/same-site/incompatible-clients
bool isSameSiteNoneIncompatible(string useragent):
return hasWebKitSameSiteBug(useragent) ||
dropsUnrecognizedSameSiteCookies(useragent)
bool hasWebKitSameSiteBug(string useragent):
return isiosVersion(major:12, useragent) ||
(isMacosxVersion(major:10, minor:14, useragent) &&
(isSafari(useragent) || isMacEmbeddedBrowser(useragent)))
bool dropsUnrecognizedSameSiteCookies(string useragent):
if isUcBrowser(useragent):
return !isUcBrowserVersionAtLeast(major:12, minor:13, build:2, useragent)
return isChromiumBased(useragent) &&
isChromiumVersionAtLeast(major:51, useragent) &&
!isChromiumVersionAtLeast(major:67, useragent)
// Regex parsing of User-Agent string. (See note above!)
bool isIosVersion(int major, string useragent):
string regex = "\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\/"
// Extract digits from first capturing group.
return useragent.regexMatch(regex)[0] == intToString(major)
bool isMacosxVersion(int major, int minor, string useragent):
string regex = "\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit\/"
// Extract digits from first and second capturing groups.
return (useragent.regexMatch(regex)[0] == intToString(major)) &&
(useragent.regexMatch(regex)[1] == intToString(minor))
bool isSafari(string useragent):
string safari_regex = "Version\/.* Safari\/"
return useragent.regexContains(safari_regex) &&
!isChromiumBased(useragent)
bool isMacEmbeddedBrowser(string useragent):
string regex = "^Mozilla\/[\.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) "
+ "AppleWebKit\/[\.\d]+ \(Khtml, like Gecko\)$"
return useragent.regexContains(regex)
bool isChromiumBased(string useragent):
string regex = "Chrom(e|ium)"
return useragent.regexContains(regex)
bool isChromiumVersionAtLeast(int major, string useragent):
string regex = "Chrom[^ \/]+\/(\d+)[\.\d]* "
// Extract digits from first capturing group.
int version = stringToInt(useragent.regexMatch(regex)[0])
return version >= major
bool isUcBrowser(string useragent):
string regex = "UCBrowser\/"
return useragent.regexContains(regex)
bool isUcBrowserVersionAtLeast(int major, int minor, int build, string useragent):
string regex = "UCBrowser\/(\d+)\.(\d+)\.(\d+)[\.\d]* "
// Extract digits from three capturing groups.
int major_version = stringToInt(useragent.regexMatch(regex)[0])
int minor_version = stringToInt(useragent.regexMatch(regex)[1])
int build_version = stringToInt(useragent.regexMatch(regex)[2])
if major_version != major:
return major_version > major
if minor_version != minor:
return minor_version > minor
return build_version >= build
【问题讨论】:
【参考方案1】:这应该可以解决 osx 10.14.x 上 safari v13 的问题
<If "%HTTP_USER_AGENT !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure</If>
虽然还没有包含所有的铬补丁...
【讨论】:
以上是关于SameSite=None .htaccess 正则表达式问题的主要内容,如果未能解决你的问题,请参考以下文章
即使指定了 samesite=none,浏览器也会使用 samesite=lax
SameSite=None w/ IE11 中的安全中断 iFrame
ASP.Net 无法使用 SameSite=None 设置 cookie
最新的 Chrome 85 使用 SameSite=None 和安全删除 3rd 方 cookie