漏洞
When a secured ArcGIS Online web map, application or dashboard is embedded in a website with a different domain, and the user authenticates with ArcGIS Online credentials to access the website, Chrome 80 SameSite cookie updates cause the embedded application to prompt for credentials instead of passing the cookie cross-domain to authenticate the signed-in user.
| 漏洞 ID 编号 | BUG-000129800 |
|---|---|
| 已提交 | April 1, 2020 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Online |
| 找到的版本 | 8.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 10.0 |
| 状态 | Duplicate |
附加信息
This is a duplicate of BUG-000131669. This issue is not reproducible if the dashboard, map and layers are all shared with the public. If they are only shared with the organization, a login prompt is expected.解决办法
This workaround may not be acceptable to end users as it requires changing Google Chrome to outdated security settings, but it works once Google Chrome updates to enforce the SameSite cookie changes.
- Go to chrome://Flags.
- Change the 'SameSite by default cookies' setting to 'Disabled'.
- Change the 'Cookies without SameSite must be secure' setting to 'Disabled'.
重现步骤
漏洞 ID: BUG-000129800
软件:
- ArcGIS Online
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序