@alicloud/cookie
Advanced tools
@alicloud/cookie - npm Package Compare versions
Comparing version 1.6.2 to 1.6.3-beta.1
@@ -7,2 +7,8 @@ "use strict"; | ||
| }); | ||
| Object.defineProperty(exports, "canSetCookies", { | ||
| enumerable: true, | ||
| get: function get() { | ||
| return _canSetCookies.default; | ||
| } | ||
| }); | ||
| Object.defineProperty(exports, "deleteCookie", { | ||
@@ -26,2 +32,8 @@ enumerable: true, | ||
| }); | ||
| Object.defineProperty(exports, "getCookies", { | ||
| enumerable: true, | ||
| get: function get() { | ||
| return _getAllCookies.default; | ||
| } | ||
| }); | ||
| Object.defineProperty(exports, "setCookie", { | ||
@@ -36,2 +48,3 @@ enumerable: true, | ||
| var _setCookie = _interopRequireDefault(require("./util/set-cookie")); | ||
| var _deleteCookie = _interopRequireDefault(require("./util/delete-cookie")); | ||
| var _deleteCookie = _interopRequireDefault(require("./util/delete-cookie")); | ||
| var _canSetCookies = _interopRequireDefault(require("./util/can-set-cookies")); |
| "use strict"; | ||
| var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault"); | ||
| Object.defineProperty(exports, "__esModule", { | ||
@@ -8,3 +7,3 @@ value: true | ||
| exports.default = deleteCookie; | ||
| var _setCookie = _interopRequireDefault(require("./set-cookie")); | ||
| var _setCookie2 = require("./set-cookie"); | ||
| /** | ||
@@ -16,8 +15,10 @@ * 删除 cookie,其实设置一个过期时间为此刻之前的时间,浏览器会自动清理过期的 cookie(其实这里设不设值都无所谓) | ||
| domain = _ref.domain, | ||
| path = _ref.path; | ||
| (0, _setCookie.default)(name, '', { | ||
| path = _ref.path, | ||
| partitioned = _ref.partitioned; | ||
| (0, _setCookie2._setCookie)(name, '', { | ||
| domain: domain, | ||
| path: path, | ||
| days: -1 | ||
| days: -1, | ||
| partitioned: partitioned | ||
| }); | ||
| } |
@@ -31,5 +31,4 @@ "use strict"; | ||
| } | ||
| return result; | ||
| }, {}); | ||
| } |
@@ -11,3 +11,2 @@ "use strict"; | ||
| } | ||
| var d = new Date(); // 过期时间 | ||
@@ -14,0 +13,0 @@ |
@@ -7,8 +7,13 @@ "use strict"; | ||
| }); | ||
| exports._setCookie = _setCookie; | ||
| exports.default = setCookie; | ||
| var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty")); | ||
| var _deleteCookie = _interopRequireDefault(require("./delete-cookie")); | ||
| var _getExpireDate = _interopRequireDefault(require("./get-expire-date")); | ||
| var _getDomain = _interopRequireDefault(require("./get-domain")); | ||
| function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; } | ||
| function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { (0, _defineProperty2.default)(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; } | ||
| /** | ||
| * 设置 cookie,默认为时间为 180 天,设置 extra.days 为 0 可以保存为 session cookie | ||
| * | ||
| * | ||
| * HTTP 下,非 Iframe、Iframe 不跨域、Iframe 跨子域(跨全域都不行)成功的测试用例: | ||
@@ -32,3 +37,3 @@ * | ||
| */ | ||
| function setCookie(name, value) { | ||
| function _setCookie(name, value) { | ||
| var _ref = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {}, | ||
@@ -42,6 +47,8 @@ _ref$domain = _ref.domain, | ||
| sameSite0 = _ref.sameSite, | ||
| secure0 = _ref.secure; | ||
| secure0 = _ref.secure, | ||
| partitioned0 = _ref.partitioned; | ||
| var parts = ["".concat(name, "=").concat(encodeURIComponent(value)), "domain=".concat(domain), "path=".concat(path), "expires=".concat((0, _getExpireDate.default)(days))]; | ||
| var sameSite = sameSite0; | ||
| var secure = secure0; | ||
| var partitioned = partitioned0; | ||
@@ -59,3 +66,19 @@ // 自动 sameSite + secure | ||
| } | ||
| if (partitioned === true) { | ||
| parts.push('partitioned'); | ||
| } | ||
| document.cookie = parts.join('; '); | ||
| } | ||
| function setCookie(name, value) { | ||
| var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {}; | ||
| try { | ||
| // xxx: 先强行干掉所有分区 Cookie | ||
| (0, _deleteCookie.default)(name, _objectSpread(_objectSpread({}, options), {}, { | ||
| partitioned: true | ||
| })); | ||
| // xxx: 先只设置非分区 Cookie | ||
| _setCookie(name, value, options); | ||
| } catch (e) { | ||
| // 静默处理 | ||
| } | ||
| } |
@@ -1,5 +0,7 @@ | ||
| export { default as getAllCookies } from './util/get-all-cookies'; | ||
| import { default as getAllCookies } from './util/get-all-cookies'; | ||
| export { getAllCookies, getAllCookies as getCookies }; | ||
| export { default as getCookie } from './util/get-cookie'; | ||
| export { default as setCookie } from './util/set-cookie'; | ||
| export { default as deleteCookie } from './util/delete-cookie'; | ||
| export type { ICookieSetOptions as CookieSetOptions, ICookieDeleteOptions as CookieDeleteOptions } from './types'; | ||
| export { default as canSetCookies } from './util/can-set-cookies'; | ||
| export type { ICookieSetOptions, ICookieSetOptions as CookieSetOptions, ICookieDeleteOptions, ICookieDeleteOptions as CookieDeleteOptions } from './types'; |
@@ -11,2 +11,3 @@ export interface ICookieOptions { | ||
| secure?: boolean; | ||
| partitioned?: boolean; | ||
| } | ||
@@ -13,0 +14,0 @@ export interface ICookieSetOptions extends ICookieOptions { |
@@ -5,2 +5,2 @@ import { ICookieDeleteOptions } from '../types'; | ||
| */ | ||
| export default function deleteCookie(name: string, { domain, path }?: ICookieDeleteOptions): void; | ||
| export default function deleteCookie(name: string, { domain, path, partitioned }?: ICookieDeleteOptions): void; |
@@ -23,2 +23,3 @@ import { ICookieSetOptions } from '../types'; | ||
| */ | ||
| export default function setCookie(name: string, value: string | number | boolean, { domain, path, days, sameSite: sameSite0, secure: secure0 }?: ICookieSetOptions): void; | ||
| export declare function _setCookie(name: string, value: string | number | boolean, { domain, path, days, sameSite: sameSite0, secure: secure0, partitioned: partitioned0 }?: ICookieSetOptions): void; | ||
| export default function setCookie(name: string, value: string | number | boolean, options?: ICookieSetOptions): void; |
| # CHANGELOG | ||
| ## 1.6.0 @法海 | ||
| * 由于 Chrome 即将开始强制禁用三方 Cookie,因此根据其 CHIPS 方案做了适配。 | ||
| ## 1.0.0 2020/11/30 @驳是 | ||
| * 开源第一版 | ||
| * 开源第一版。 |
| { | ||
| "name": "@alicloud/cookie", | ||
| "version": "1.6.2", | ||
| "version": "1.6.3-beta.1", | ||
| "description": "ConsoleBase Cookie", | ||
@@ -8,3 +8,3 @@ "license": "MIT", | ||
| "main": "build/cjs/index.js", | ||
| "module": "build/es/index.js", | ||
| "module": "build/esm/index.js", | ||
| "types": "build/types/index.d.ts", | ||
@@ -18,14 +18,11 @@ "author": { | ||
| }, | ||
| "keywords": [ | ||
| "util", | ||
| "cookie" | ||
| ], | ||
| "keywords": [], | ||
| "devDependencies": { | ||
| "@alicloud/console-toolkit-cli": "^1.2.30", | ||
| "@alicloud/console-toolkit-preset-component": "^1.2.61", | ||
| "@alicloud/demo-rc-elements": "^1.11.16", | ||
| "@alicloud/demo-rc-elements": "^1.13.0", | ||
| "@alicloud/ts-config": "^1.1.3", | ||
| "@types/react": "^17.0.48", | ||
| "@types/react": "^17.0.58", | ||
| "react": "^17.0.2", | ||
| "typescript": "^4.9.5" | ||
| "typescript": "^5.0.4" | ||
| }, | ||
@@ -38,7 +35,8 @@ "scripts": { | ||
| "build:bundle": "breezr build --engine webpack", | ||
| "build:typings": "tsc --outDir build/types --declaration --emitDeclarationOnly", | ||
| "build": "yarn build:esm && yarn build:cjs && yarn build:typings", | ||
| "clean": "rm -rf build" | ||
| "build:types": "tsc -p tsconfig-declaration.json --outDir build/types --declaration --emitDeclarationOnly", | ||
| "build": "yarn build:esm && yarn build:cjs && yarn build:types", | ||
| "clean": "rm -rf build", | ||
| "prepublishOnly": "yarn clean && yarn build" | ||
| }, | ||
| "gitHead": "056768173dd99b5af268df646c8a09eb08648920" | ||
| "gitHead": "e3daf0b177915f37e8beae4ecee204d8c62f9507" | ||
| } |
318
README.md
| # @alicloud/cookie | ||
| yet... another 饼干的获取和操作工具 | ||
| > (又一个)Cookie 的操作工具。 | ||
| ## INSTALL | ||
| ## 何时使用 | ||
| ```shell | ||
| tnpm i @alicloud/cookie -S | ||
| ``` | ||
| 需要读写浏览器 Cookie 时。本工具包有如下特点: | ||
| ## APIs | ||
| * 无任何额外的依赖。 | ||
| * 考虑了安全传输(HTTPS)和跨站点访问(iframe)的问题,以最佳实践设定 `SameSite` 和 `Secure` 字段。了解更多:《[在 HTTPS 和 iframe 下关于 SameSite + Secure 行为的研究][research-1]》 | ||
| * 考虑了三方 Cookie 禁用的问题,以最佳实践设定 `Partitioned` 字段。 | ||
| ## getAllCookies | ||
| ## API | ||
| 获取当前页面可以访问到的全部 cookie。 | ||
| ### `getCookies()` | ||
| 获取当前页面可以访问到的全部 Cookie。 | ||
| ```typescript | ||
| function getAllCookies(): object; | ||
| function getCookies(): Record<string, string>; | ||
| function getAllCookies(): Record<string, string>; | ||
| ``` | ||
| ## getCookie | ||
| `getAllCookies()` 是一个别名。 | ||
| 获取单个 cookie | ||
| ### `getCookie()` | ||
| 获取当前页面可以访问到的某一个特定的 Cookie。 | ||
| ```typescript | ||
@@ -29,18 +34,24 @@ function getCookie(name: string): string | undefined; | ||
| ## setCookie | ||
| ### `setCookie()` | ||
| 设置 cookie,设置 cookie,默认为时间为 180 天,设置 extra.days 为 0 可以保存为 session cookie(expires 为空) | ||
| 写 Cookie。 | ||
| ```typescript | ||
| function setCookie(name: string, value: string, extra: { | ||
| domain?: string; // 默认为当前页面的二级域名,如 `.aliyun.com`,如果是 IP 则为 IP,如 `127.0.0.1` | ||
| path?: string; // 默认 '/' | ||
| days?: number; // 默认 180,传入 `days: 0` 成为 session cookie | ||
| encoding?: boolean; // 默认 true,传入 `false` 可保存原始的值(比如 value 已经经过 base64 编码过) | ||
| // 默认为当前页面的二级域名,如 `.aliyun.com` | ||
| // 如果是 IP 则为 IP,如 `127.0.0.1` | ||
| domain?: string; | ||
| // 默认 '/' | ||
| path?: string; | ||
| // 默认 180,若传入 0 则 Cookie 的 expires 为空,即成为 Session Cookie | ||
| // 若传入 -1 则相当于删除 Cookie | ||
| days?: number; | ||
| // 默认 true,传入 false 可保存原始的值(比如 value 已经由 base64 编码过) | ||
| encoding?: boolean; | ||
| } = {}): void; | ||
| ``` | ||
| ## deleteCookie | ||
| ### `deleteCookie()` | ||
| 删除 cookie,其实设置一个过期时间为此刻之前的时间,浏览器会自动清理过期的 cookie | ||
| 删除特定 Cookie。本质上是设置 `expires` 为过去的时间,浏览器会自动清理过期的 Cookie。 | ||
@@ -54,269 +65,14 @@ ```typescript | ||
| ## SameSite + Secure 以及 HTTPS 和 Iframe 的影响 | ||
| ### `canSetCookies()` | ||
| 以下条件下: | ||
| 嗅探是否可以在当前页写 Cookie。 | ||
| * 协议 | ||
| + `http://` | ||
| + `https://` | ||
| * iframe | ||
| + 无 | ||
| + 不跨域 | ||
| + 跨子域 | ||
| + 跨全域 | ||
| 注意,如果浏览器只是禁用了三方 Cookie(而非完全禁用 Cookie 功能),那还是可以通过 CHIPS 方案在兼容的浏览器下写 Partitioned Cookie。 | ||
| SameSite 和 Secure 各值: | ||
| > 由于本方法不接受参数,所以命名为复数,而非用来特指的单数。 | ||
| * SameSite | ||
| + undefined | ||
| + Lax | ||
| + Strict | ||
| + None | ||
| * Secure | ||
| + true | ||
| + false | ||
| 在各个浏览器: | ||
| * 浏览器 | ||
| + Firefox | ||
| + Chrome | ||
| + Safari | ||
| 下对 set cookie 的影响。 | ||
| ### 测试脚本 | ||
| 注意,在 Iframe 下,需通过浏览器的 Console 切换到对应的 Iframe 上下文。 | ||
| ```javascript | ||
| (() => { | ||
| function setCookie(name, value, { | ||
| path = '/', | ||
| sameSite, | ||
| secure | ||
| } = {}) { | ||
| const parts = [ | ||
| `${name}=${encodeURIComponent(value)}`, | ||
| // `domain=${domain}`, | ||
| `path=${path}` | ||
| ]; | ||
| if (sameSite !== undefined) { | ||
| parts.push(`sameSite=${sameSite}`); | ||
| } | ||
| if (secure !== undefined) { | ||
| parts.push(`secure=${secure}`); | ||
| } | ||
| document.cookie = parts.join('; '); | ||
| } | ||
| function getCookie(name) { | ||
| return document.cookie.split(/\s*;\s*/).reduce((result, v) => { | ||
| const [cookieName, cookieValue] = v.split('='); | ||
| try { | ||
| result[cookieName] = decodeURIComponent(cookieValue); | ||
| } catch (err) { | ||
| } | ||
| return result; | ||
| }, {})[name]; | ||
| } | ||
| const TIME = Date.now(); | ||
| const ITEMS = [undefined, 'Lax', 'Strict', 'None'].reduce((result, sameSite) => { | ||
| [undefined, true, false].forEach(secure => { | ||
| const name = `TEST_SameSite_${sameSite}__Secure_${secure}`; | ||
| const value = `${sameSite}_${secure}_${TIME}`; | ||
| setCookie(name, value, { | ||
| sameSite, | ||
| secure | ||
| }); | ||
| const valueGet = getCookie(name); | ||
| result.push({ | ||
| name, | ||
| value, | ||
| valueGet, | ||
| sameSite, | ||
| secure, | ||
| result: valueGet === value ? '✅' : '❌' | ||
| }); | ||
| }); | ||
| return result; | ||
| }, []); | ||
| console.table(ITEMS, ['sameSite', 'secure', 'result']); | ||
| })(); | ||
| ```typescript | ||
| function canSetCookies(): boolean; | ||
| ``` | ||
| ### HTTP 非 Iframe | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `true` | ❌ | ❌ | ❌ | | ||
| | `undefined` | `false` | ❌ | ❌ | ❌ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `true` | ❌ | ❌ | ❌ | | ||
| | Lax | `false` | ❌ | ❌ | ❌ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `true` | ❌ | ❌ | ❌ | | ||
| | Strict | `false` | ❌ | ❌ | ❌ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ❌ | ❌ | ❌ | | ||
| | None | `false` | ❌ | ❌ | ❌ | | ||
| ### HTTP Iframe 不跨域 | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `true` | ❌ | ❌ | ❌ | | ||
| | `undefined` | `false` | ❌ | ❌ | ❌ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `true` | ❌ | ❌ | ❌ | | ||
| | Lax | `false` | ❌ | ❌ | ❌ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `true` | ❌ | ❌ | ❌ | | ||
| | Strict | `false` | ❌ | ❌ | ❌ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ❌ | ❌ | ❌ | | ||
| | None | `false` | ❌ | ❌ | ❌ | | ||
| ### HTTP(Iframe 跨子域) | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `true` | ❌ | ❌ | ❌ | | ||
| | `undefined` | `false` | ❌ | ❌ | ❌ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `true` | ❌ | ❌ | ❌ | | ||
| | Lax | `false` | ❌ | ❌ | ❌ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `true` | ❌ | ❌ | ❌ | | ||
| | Strict | `false` | ❌ | ❌ | ❌ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ❌ | ❌ | ❌ | | ||
| | None | `false` | ❌ | ❌ | ❌ | | ||
| ### HTTP(Iframe 跨全域) | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ❌ | ❌ | ❌ | | ||
| | `undefined` | `true` | ❌ | ❌ | ❌ | | ||
| | `undefined` | `false` | ❌ | ❌ | ❌ | | ||
| | Lax | `undefined` | ❌ | ❌ | ❌ | | ||
| | Lax | `true` | ❌ | ❌ | ❌ | | ||
| | Lax | `false` | ❌ | ❌ | ❌ | | ||
| | Strict | `undefined` | ❌ | ❌ | ❌ | | ||
| | Strict | `true` | ❌ | ❌ | ❌ | | ||
| | Strict | `false` | ❌ | ❌ | ❌ | | ||
| | None | `undefined` | ❌ | ❌ | ❌ | | ||
| | None | `true` | ❌ | ❌ | ❌ | | ||
| | None | `false` | ❌ | ❌ | ❌ | | ||
| ### HTTPS 非 Iframe | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `true` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `false` | ✅ | ✅ | ✅ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `true` | ✅ | ✅ | ✅ | | ||
| | Lax | `false` | ✅ | ✅ | ✅ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `true` | ✅ | ✅ | ✅ | | ||
| | Strict | `false` | ✅ | ✅ | ✅ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ✅ | ✅ | ✅ | | ||
| | None | `false` | ✅ | ✅ | ✅ | | ||
| ### HTTPS 在 Iframe 下(不跨域) | ||
| `a.com` 页面通过 Iframe 内嵌 `a.com` 页面,在内层 `a.com` 页面上进行测试。 | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `true` | ✅ | ✅ | ✅ | | ||
| | `undefined` | `false` | ✅ | ✅ | ✅ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `true` | ✅ | ✅ | ✅ | | ||
| | Lax | `false` | ✅ | ✅ | ✅ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `true` | ✅ | ✅ | ✅ | | ||
| | Strict | `false` | ✅ | ✅ | ✅ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ✅ | ✅ | ✅ | | ||
| | None | `false` | ✅ | ✅ | ✅ | | ||
| ### HTTPS 在 Iframe 下(跨子域) | ||
| `xx.a.com` 页面通过 Iframe 内嵌 `yy.a.com` 页面,在 `yy.a.com` 页面上进行测试。 | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ❌ | ✅ | | ||
| | `undefined` | `true` | ✅ | ❌ | ✅ | | ||
| | `undefined` | `false` | ✅ | ❌ | ✅ | | ||
| | Lax | `undefined` | ❌ | ❌ | ✅ | | ||
| | Lax | `true` | ❌ | ❌ | ✅ | | ||
| | Lax | `false` | ❌ | ❌ | ✅ | | ||
| | Strict | `undefined` | ❌ | ❌ | ✅ | | ||
| | Strict | `true` | ❌ | ❌ | ✅ | | ||
| | Strict | `false` | ❌ | ❌ | ✅ | | ||
| | None | `undefined` | ❌ | ❌ | ✅ | | ||
| | None | `true` | ✅ | ✅ | ✅ | | ||
| | None | `false` | ✅ | ✅ | ✅ | | ||
| ### HTTPS 在 Iframe 下(跨全域) | ||
| `a.com` 页面通过 Iframe 内嵌 `b.com` 页面,在 `b.com` 页面上进行测试。 | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ❌ | ❌ | | ||
| | `undefined` | `true` | ✅ | ❌ | ❌ | | ||
| | `undefined` | `false` | ✅ | ❌ | ❌ | | ||
| | Lax | `undefined` | ❌ | ❌ | ❌ | | ||
| | Lax | `true` | ❌ | ❌ | ❌ | | ||
| | Lax | `false` | ❌ | ❌ | ❌ | | ||
| | Strict | `undefined` | ❌ | ❌ | ❌ | | ||
| | Strict | `true` | ❌ | ❌ | ❌ | | ||
| | Strict | `false` | ❌ | ❌ | ❌ | | ||
| | None | `undefined` | ❌ | ❌ | ❌ | | ||
| | None | `true` | ✅ | ✅ | ❌ | | ||
| | None | `false` | ✅ | ✅ | ❌ | | ||
| ## 总结 | ||
| HTTP 下,非 Iframe、Iframe 不跨域、Iframe 跨子域(跨全域都不行)成功的测试用例: | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | `undefined` | `undefined` | ✅ | ✅ | ✅ | | ||
| | Lax | `undefined` | ✅ | ✅ | ✅ | | ||
| | Strict | `undefined` | ✅ | ✅ | ✅ | | ||
| HTTPS 下,非 Iframe、Iframe 不跨域、Iframe 跨子域、Iframe 跨全域(Safari 都不行)成功的测试用例: | ||
| | SameSite | Secure | Firefox | Chrome | Safari | | ||
| |--------------|-------------|---------|--------|--------| | ||
| | None | `true` | ✅ | ✅ | ✅ | | ||
| | None | `false` | ✅ | ✅ | ✅ | | ||
| 默认逻辑: | ||
| 1. 若 HTTP,则 `SameSite` 和 `secure` 不设置 | ||
| 2. 若 HTTPS,则 `sameSite=None; secure=true`(前提是使用者不设置 `sameSite` 和 `secure`) | ||
| [research-1]: ./docs/research-on-https-and-iframe.md |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by32.18%
37285
- Number of package files
- increased by32.14%
37
- Lines of code
- increased by57.22%
555
Worsened metrics
- Number of low quality alerts
- increased by100%
2
- Number of lines in readme file
- decreased by-76.01%
77
No dependency changes