通过web.config设置
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<!-- 增加 "SameSite=None" 到所有 cookies 中-->
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None;Secure" />
</rule>
<!-- 当 https 访问,增加 "Secure" 到所有 cookies 中 -->
<rule name="Add Secure" preCondition="No Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=" negate="true" />
</preCondition>
<preCondition name="No Secure">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; Secure" negate="true" />
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
</rules>
</rewrite>
</system.webServer>
</configuration>
