Preface

Bored out of my mind, so I'm messing around with this...

Using Nginx to keep the little cookies safe when the whole site is on HTTPS 0.0
Add the following inside the nginx `location` block:

```nginx
# Only takes effect in proxy mode. SameSite can be dropped if you don't need it;
# for stronger protection set SameSite to Strict instead of Lax.
proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
```
Example

```nginx
server {
    listen 443 ssl http2;
    server_name www.cat73.org;

    ssl_certificate /etc/letsencrypt/live/cat73.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cat73.org/privkey.pem;

    ssl_trusted_certificate /etc/letsencrypt/live/cat73.org/chain.pem;

    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options SAMEORIGIN;
    add_header Strict-Transport-Security "max-age=15768000";

    location / {
        root /var/www/html;
    }

    location /api {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # set it here
        proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
    }
}
```
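To see what this directive does to the cookies the backend sends, here is an added Python model (not from the original post and not nginx's own code) of the exact-match `proxy_cookie_path` rewrite, run over a few constructed `Set-Cookie` headers; it shows that only cookies whose `Path` is exactly `/` pick up the flags, while a cookie with another path or no `Path` attribute passes through untouched.

```python
import re

# Replacement string from the directive used in the post.
REPLACEMENT = "/; httponly; secure; SameSite=Lax"


def rewrite_cookie_path(set_cookie: str, path: str = "/", replacement: str = REPLACEMENT) -> str:
    """Simplified model of `proxy_cookie_path <path> <replacement>` with a plain-string path:
    the Path attribute's value is replaced only when it equals <path> exactly.
    Cookies with a different Path, or with no Path attribute, are returned unchanged."""
    pattern = re.compile(r"(;\s*[Pp]ath=)" + re.escape(path) + r"(?=;|$)")
    return pattern.sub(lambda m: m.group(1) + replacement, set_cookie, count=1)


def cookie_flags(set_cookie: str) -> dict:
    """Audit one Set-Cookie header for the flags the post wants on every cookie."""
    attrs = [a.strip() for a in set_cookie.split(";")[1:]]
    lower = [a.lower() for a in attrs]
    samesite = next((a.split("=", 1)[1] for a in attrs if a.lower().startswith("samesite=")), None)
    return {"httponly": "httponly" in lower, "secure": "secure" in lower, "samesite": samesite}


# Constructed sample headers, standing in for what a backend on localhost:8080 might emit.
UPSTREAM_HEADERS = [
    "JSESSIONID=abc123; Path=/",  # Path is exactly "/" -> gets rewritten
    "token=xyz; Path=/api",       # Path differs -> NOT rewritten, flags missing
    "pref=dark",                  # no Path attribute -> NOT rewritten, flags missing
]


def audit(headers):
    """Return (rewritten header, fully protected?) for each upstream Set-Cookie header."""
    results = []
    for header in headers:
        rewritten = rewrite_cookie_path(header)
        flags = cookie_flags(rewritten)
        protected = flags["httponly"] and flags["secure"] and flags["samesite"] is not None
        results.append((rewritten, protected))
    return results


if __name__ == "__main__":
    for rewritten, protected in audit(UPSTREAM_HEADERS):
        print(("OK     " if protected else "MISSING"), rewritten)
```

Cookies the backend emits with another path, or with no `Path` at all, still reach the browser without these flags, so check the backend's actual `Set-Cookie` headers rather than assuming the directive covers everything.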
Off we go to fill in the pitfalls...