I-Chrome izovikela ekudlulisweni kwamakhukhi avela eceleni nokuhlonza okufihliwe

Darkcrizt

Imizuzu ye-4

i-Google Chrome

i-Google Chrome

I-Google imemezele ukwethulwa kwezinguquko ezizayo ku-Chrome, okuhloselwe ukuthuthukisa ubumfihlo. Okokuqala ingxenye yezinguquko isho ukuphathwa kwamakhukhi nokusekelwa kwemfanelo ye-SameSite.

Ukuqala ngokukhishwa kwenguqulo ye-Chrome engu-76 (kulindeleke ngoJulayi),  kuzokwenziwa kusebenze uphawu oluthi "site-by-default-cookies" ukuthi, lapho ingekho imfanelo yeSameSite kusihloko se-Set-Cookie, inani "SameSite = Lax" lizobekwa ngokuzenzakalela, elikhawulela ukuthunyelwa kwamakhukhi.

Okokufaka kwesayithi lomuntu wesithathu (kepha amasayithi asazokwazi ukususa umkhawulo, kusobala ngokusetha i-SameSite = Akukho lapho kusethwa ikhukhi).

Nikeza I-SameSite ivumela isiphequluli sewebhu (I-Chrome) chaza izimo lapho ukudluliswa kwamakhukhi kwamukeleka khona lapho isicelo sivela kusayithi lomuntu wesithathu.

Njengamanje, isiphequluli sithumela amakhukhi kunoma yisiphi isicelo esizeni lapho amakhukhi abekelwe khona, noma ngabe elinye isayithi livulwa ekuqaleni futhi ucingo lwenziwa ngokungaqondile ngokulanda isithombe noma ngokusebenzisa iframe.

Mayelana neSameSite

Amanethiwekhi wesikhangiso asebenzisa lesi sici ukulandela ngomkhondo ukuhamba kwabasebenzisi phakathi kwamasayithi nabahlaseli ukuhlela ukuhlaselwa kwe-CSRF(Lapho kuvulwa insiza elawulwa ngabahlaseli, isicelo sifihlwa emakhasini aso siye kwesinye isayithi lapho umsebenzisi wamanje aqinisekiswa khona, futhi isiphequluli somsebenzisi sisethela amakhukhi eseshini leso sicelo.)

Ngakolunye uhlangothi, amandla okuthumela amakhukhi kumasayithi avela eceleni asetshenziselwa ukufaka amawijethi emakhasini, ngokwesibonelo, ukuhlanganisa ne-YouTube noma ne-Facebook.

Ngokusebenzisa imfanelo ye-SameSite, ungalawula ukusebenza lapho usetha amakhukhi futhi vumela ukuthunyelwa kwamakhukhi kuphela ekuphenduleni izicelo eziqaliwe ezivela kusayithi lapho lawo makhukhi atholwe khona ekuqaleni.

I-SameSite ingathatha amanani amathathu "aqinile", "iLax" nethi "Akukho".

Kumodi eqinile ("Eqinile")- Amakhukhi awathunyelwa noma yiluphi uhlobo lwezicelo ezinqamula isiza, kufaka phakathi zonke izixhumanisi ezingenayo ezivela kumasayithi angaphandle.

Kwindlela "Lax": Kunemikhawulo ethambile futhi ukudluliswa kwamakhukhi kuvinjelwe kuphela izicelo zesiza esinjengesicelo sesithombe noma ukulanda okuqukethwe nge-iframe.

Umehluko phakathi kwe - "" Strict "ne-" Lax "wehlela ekuvimbeleni amakhukhi lapho isixhumanisi silandelwa.

Olunye ushintsho

Kwezinye izinguquko ezizayo ezilindelwe kuzinguqulo ezizayo ze-Chrome, kuhlelwe ukusebenzisa umkhawulo oqinile ovimbela ukucubungula amakhukhi wenkampani yangaphandle yezicelo ezingenayo i-HTTPS (ngemfanelo SameSite = Akukho, amakhukhi angasethwa kuphela kwimodi ephephile).

Ngaphezu kwalokho, umsebenzi uhlelelwe ukuvikela ekusetshenzisweni kweminwe yesiphequluli, kufaka phakathi izindlela zokwenza okokuhlonza kususelwa kwimininingwane engaqondile njengokuxazululwa kwesikrini, uhlu lwezinhlobo ze-MIME ezisekelwayo, amapharamitha athile kumaheda (i-HTTP / 2 ne-HTTPS), ukuhlaziywa yama-plugins namafonti afakiwe.

Kanye nokutholakala kwama-API athile wewebhu, Imisebenzi yokunikela ekhadini leVidiyo isebenzisa i-WebGL ne-Canvas, ukukhohlisa kwe-CSS, ukuhlaziywa kwezimpawu zegundane nezikhibhodi.

Ngaphezu kwalokho, i-Chrome izoba nokuvikelwa ku-lukuhlukunyezwa okuhambisana ne- ubunzima bokubuyela ekhasini lokuqala ngemuva kokushintshela kwenye indawo (ukuqaliswa okuhle, ngokumelene nezindawo ezikuthumela phakathi kwamakhasi).

Sikhuluma ngomkhuba wokusuthisa umlando wokuguqulwa ngochungechunge lokuqondisa kabusha okuzenzakalelayo noma ngokungezelela ukufaka okufakiwe kumlando wokuphequlula (nge-pushState), ngenxa yalokho umsebenzisi angakwazi ukusebenzisa inkinobho ethi «Emuva» ukubuyela emuva ikhasi langempela ngemuva kokushintshwa okungahleliwe noma ukuphindiselwa kabusha okuphoqelelwe kusayithi lokukhwabanisa.

Ukuvikela ekukhohlisweni okunjalo, I-Chrome kusiphathi senkinobho yangemuva izokweqa izingodo ezihlotshaniswa nokudlulisela phambili futhi zivakashele ukukhohlisa komlando, kushiya amakhasi avulekile kuphela ngezenzo zomsebenzisi ezicacile.

Umthombo: https://blog.chromium.org/


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   pablo kusho
    kwenza iminyaka 4

    Ikhukhi lisethwe kanjani?

    Phendula pablo