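Cookies used inside an iframe need to be set with SameSite=None. For a detailed explanation of why, see: https://medium.com/trabe/cookies-and-iframes-f7cca58b3b9e
I also found that same origin requires the same protocol (http or https), whereas SameSite does not.
With Nginx 1.19.3, the cookie problem can be solved with proxy_cookie_flags. See:
https://serverfault.com/questions/1010706/setup-samesite-none-value-in-nginx-webserver
Drupal 7 solution (https): add the following logic to the settings.php file: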
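// An empty value stops Drupal from sending its X-Frame-Options header,
// so pages can be framed by other sites.
$conf['x_frame_options'] = '';
// Keep the current session cookie settings and append SameSite=None
// through the path argument.
$currentCookieParams = session_get_cookie_params();
session_set_cookie_params(
  $currentCookieParams['lifetime'],
  '/; samesite=None',
  $currentCookieParams['domain'],
  $currentCookieParams['secure'],
  $currentCookieParams['httponly']
);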
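On PHP 7.3 and later, session_set_cookie_params() also accepts an options array with a samesite key, so the path suffix is only needed on older versions. The variant below is an added example, not part of the original note: the helper name iframe_session_cookie_params and the $_SERVER['HTTPS'] check are assumptions, and it forces Secure because browsers reject SameSite=None cookies that lack it.

```php
<?php
// Added example, not from the original note.
// iframe_session_cookie_params() is a hypothetical helper name.

/**
 * Returns session cookie parameters with SameSite=None, or NULL when the
 * request is not HTTPS (browsers drop SameSite=None cookies without Secure).
 */
function iframe_session_cookie_params(array $current, $is_https) {
  if (!$is_https) {
    return NULL;
  }
  return array(
    'lifetime' => $current['lifetime'],
    'path' => $current['path'],
    'domain' => $current['domain'],
    'secure' => TRUE,
    'httponly' => $current['httponly'],
    'samesite' => 'None',
  );
}

// Assumption: TLS terminates on this server, so $_SERVER['HTTPS'] is set.
// Behind a TLS-terminating proxy this check has to be adapted.
$request_is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
$params = iframe_session_cookie_params(session_get_cookie_params(), $request_is_https);

if ($params !== NULL) {
  if (PHP_VERSION_ID >= 70300) {
    // PHP 7.3+: options array with a real samesite key.
    session_set_cookie_params($params);
  }
  else {
    // Older PHP: no samesite parameter, so append it to the path.
    session_set_cookie_params(
      $params['lifetime'],
      $params['path'] . '; samesite=None',
      $params['domain'],
      $params['secure'],
      $params['httponly']
    );
  }
}
```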
For Drupal 9, you can try this module: https://www.drupal.org/project/allow_iframed_site