How to set Chrome experimental option same-site-by-default-cookie in python selenium

问题

I suppose this should work:

from selenium import webdriver
options = webdriver.ChromeOptions()
options.add_experimental_option('same-site-by-default-cookies', 'true')
driver = webdriver.Chrome(chrome_options=options)

to enable samesite cookies restrictions scheduled for future chrome version. It is not, there is error:

selenium.common.exceptions.InvalidArgumentException: 
Message: invalid argument: cannot parse capability: goog:chromeOptions
from invalid argument: unrecognized chrome option: same-site-by-default-cookies

I can change option manually using chrome://flags and see it is working. However I would like to automate it and just run testing script to see it.

There is java code here: https://groups.google.com/forum/#!topic/chromedriver-users/cI8hj7eihRo which could do it, however I'm not sure, how to transfer it to python.

Is there any reference available, which would help me to set this option or different options?

回答1:

Tested on Chrome : Version 79.0.3945.130 (Official Build) (64-bit)

In Python you can use below code

    chrome_options = webdriver.ChromeOptions()
    experimentalFlags = ['same-site-by-default-cookies@1','cookies-without-same-site-must-be-secure@1']
    chromeLocalStatePrefs = { 'browser.enabled_labs_experiments' : experimentalFlags}
    chrome_options.add_experimental_option('localState',chromeLocalStatePrefs)
    driver = webdriver.Chrome(options=chrome_options)
    driver.get("https://www.bing.com")

Python selenium client will send the capabilities as below

[1579581631.792][INFO]: Starting ChromeDriver 79.0.3945.36 (3582db32b33893869b8c1339e8f4d9ed1816f143-refs/branch-heads/3945@{#614})
[1579581631.792][INFO]: Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
[1579581632.264][INFO]: [f6b8433509c420fd317902f72b1d102d] COMMAND InitSession {
   "capabilities": {
      "alwaysMatch": {
         "browserName": "chrome",
         "goog:chromeOptions": {
            "args": [  ],
            "extensions": [  ],
            "localState": {
               "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
            }
         },
         "platformName": "any"
      },
      "firstMatch": [ {

      } ]
   },
   "desiredCapabilities": {
      "browserName": "chrome",
      "goog:chromeOptions": {
         "args": [  ],
         "extensions": [  ],
         "localState": {
            "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
         }
      },
      "platform": "ANY",
      "version": ""
   }
}

To check if its actually worked or not . Go to chrome://flags/

回答2:

You saw it right.

As per the article Chrome browser pushes SameSite cookie security overhaul Chrome have added SameSite support which will require web developers to control cookies to access cookies across sites, using the SameSite attribute of the Set-Cookie header, which can be Strict, Lax, or None.

In the Chromium Blog Improving privacy and security on the web @BenGalbraith [Director, Chrome Product Management] and @JustinSchuh [Director, Chrome Engineering] mentioned:

This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.

This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. We also announced our plan to eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users.

upar...@gmail.com in the discussion WebDriver mechanism to test samesite cookie security overhaul? demonstrated that you can enable sameSite cookie flag using localState experimental options of chromedriver through Selenium as follows:

ChromeOptions chromeOptions = new ChromeOptions();
HashMap<String, Object> chromeLocalStatePrefs = new HashMap<String, Object>();
List<String> experimentalFlags = new ArrayList<String>();
experimentalFlags.add("same-site-by-default-cookies@1");
experimentalFlags.add("cookies-without-same-site-must-be-secure@1");
chromeLocalStatePrefs.put("browser.enabled_labs_experiments",experimentalFlags);
chromeOptions.setExperimentalOption("localState", chromeLocalStatePrefs);