Drupal嵌入iframe的问题

admin 提交于 周二, 01/05/2021 - 14:44

iframe里的cookie需要设置SameSite=None,详细原因解释见:https://medium.com/trabe/cookies-and-iframes-f7cca58b3b9e

另外查到,Same origin需要有相同的协议(http或https),SameSite则不需要。

Nginx 1.19.3可以用proxy_cookie_flags的办法解决cookie问题,参考:

https://serverfault.com/questions/1010706/setup-samesite-none-value-in-nginx-webserver

 

Drupal 7方案(https),在settings.php文件里添加下面逻辑:

$conf['x_frame_options'] = '';

 

$currentCookieParams = session_get_cookie_params();

 

session_set_cookie_params(

    $currentCookieParams["lifetime"],

    '/; samesite=None',

    $currentCookieParams['domain'],

    $currentCookieParams["secure"],

    $currentCookieParams["httponly"]

);

Drupal 9可以试试这个模块:https://www.drupal.org/project/allow_iframed_site

添加新评论

Restricted HTML

  • 允许的HTML标签:<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id> <img src>
  • 自动断行和分段。
  • 网页和电子邮件地址自动转换为链接。
验证码
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
请输入"汉语"