Cookie blocked/not saved in IFRAME in Internet Explorer

前端 未结 22 2122
死守一世寂寞
死守一世寂寞 2020-11-22 00:53

I have two websites, let\'s say they\'re example.com and anotherexample.net. On anotherexample.net/page.html, I have an IFRAME S

22条回答
  •  栀梦
    栀梦 (楼主)
    2020-11-22 01:08

    I've spend a large part of my day looking into this P3P thing and I feel the need to share what I've found out.

    I've noticed that the P3P concept is very outdated and seems only to be really used/enforced by Internet Explorer (IE).

    The simplest explanation is: IE wants you to define a P3P header if you are using cookies.

    This is a nice idea, and luckily most of the time not providing this header won't cause any issues (read browser warnings). Unless your website/web application is loaded into an other website using an (i)Frame. This is where IE becomes a massive pain in the ***. It will not allow you to set a cookie unless the P3P header is set.

    Knowing this I wanted to find an answer to the following two questions:

    1. Who cares? In other words, can I be sued if I put the word "Potato" in the header?
    2. What do other companies do?

    My findings are:

    1. No one cares. I'm unable to find a single document that suggests this technology has any legal weight. During my research I didn't find a single country around the world that has adopted a law that prevents you from putting the word "Potato" in the P3P header
    2. Both Google and Facebook put a link in their P3P header field referring to a page describing why they don't have a P3P header.

    The concept was born in 2002 and it baffles me that this outdated and legally unimplemented concept is still forced upon developers within IE. If this header doesn't have have any legal ramifications this header should be ignored (or alternatively, generate a warning or notification in the console). Not enforced! I'm now forced to put a line in my code (and send a header to the client) that does absolutely nothing.

    In short - to keep IE happy - add the following line to your PHP code (Other languages should look similar)

    header('P3P: CP="Potato"');
    

    Problem solved, and IE is happy with this potato.

提交回复
热议问题