fix: samesite problem in cors request after chrome 80

After Chrome 80, the default samesite in cookie will be set to `Lax`. And i am try to fix it. Disable SameSite policy when deploy by tls. For more detail about Chrome 80, checkout: - https://support.google.com/chrome/a/thread/27911174/chrome-80-release-notes-are-now-live?hl=en - https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html For more detail about SameSite, checkout: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
2025-05-23 22:37:41 +08:00 · 2021-06-11 12:48:57 +08:00 · 2021-06-11 12:48:57 +08:00 · 3b04746278
commit 3b04746278
parent 8af9f78abc
1 changed files with 16 additions and 1 deletions
--- a/app.js
+++ b/app.js
@ -21,6 +21,7 @@ exec('npm info NeteaseCloudMusicApi version', (err, stdout, stderr) => {
 })

 const app = express()
+app.set('trust proxy', true)

 // CORS & Preflight request
 app.use((req, res, next) => {
@ -93,7 +94,21 @@ fs.readdirSync(path.join(__dirname, 'module'))
      question(query, request)
        .then((answer) => {
          console.log('[OK]', decodeURIComponent(req.originalUrl))
-          res.append('Set-Cookie', answer.cookie)
+
+          const cookies = answer.cookie
+          if (Array.isArray(cookies) && cookies.length > 0) {
+            if (req.protocol === 'https') {
+              // Try to fix CORS SameSite Problem
+              res.append(
+                'Set-Cookie',
+                cookies.map((cookie) => {
+                  return cookie + '; SameSite=None; Secure'
+                }),
+              )
+            } else {
+              res.append('Set-Cookie', cookies)
+            }
+          }
          res.status(answer.status).send(answer.body)
        })
        .catch((answer) => {