Cookie blocked/not saved in IFRAME in Internet Explorer

死守一世寂寞 2020-11-22 00:53

I have two websites, let's say they're example.com and anotherexample.net. On anotherexample.net/page.html, I have an IFRAME S

22 answers
  • One solution that I haven't seen mentioned here is using session storage instead of cookies. Of course this might not fit everyone's requirements, but for some cases it's an easy fix.

  • 2020-11-22 01:15

    This post provides some commentary on P3P and a short-cut solution that reduces the problems with IE7 and IE8.

  • 2020-11-22 01:16

    In Rails I am using this gem: https://github.com/merchii/rack-iframe Basically it sets a set of abbreviations without a reference file: https://github.com/merchii/rack-iframe/blob/master/lib/rack/iframe.rb#L8

    It is easy to install when you don't care at all about the meaning of the P3P stuff.

  • 2020-11-22 01:17

    If anybody is looking for the Apache line, we used this one:

    Header set P3P "CP=\"Thanks IE8\""

    It really didn't matter what we set the CP value to, as long as the P3P header is there.

  • 2020-11-22 01:18

    This finally worked for me (after a lot of hassle and generating some policies using IBM's policy generator). You can download the policy generator here: http://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml

    I was not able to download the generator from the official IBM website any more.

    I created these files in the root folder of my web app:

    /index.php
    /w3c/policy.html (Human readable format)
    /w3c/p3p.xml
    /w3c/policy.p3p
    
    1. index.php: Just send an additional header:
    header('P3P: policyref="/w3c/p3p.xml", CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV DEM"');
    
    2. Content of p3p.xml
    <META>
        <POLICY-REFERENCES>
            <POLICY-REF about="/w3c/policy.p3p#App">
                <INCLUDE>/</INCLUDE>
                <COOKIE-INCLUDE/>
            </POLICY-REF>
        </POLICY-REFERENCES>
    </META>
    
    3. Content of my policy.html file

    <html>
    <head>
    <STYLE type="text/css">
    .title { color: #3333FF}
    </STYLE>
    <title>Privacy Statement for YOUR COMPANY NAME</title>
    </head>
    <body>
    <h1 class="title">Privacy Policy</h1>
    <!-- "About Us" section of privacy policy -->
    <h2>About Us</h2>
    <p>This is a privacy policy for YOUR COMPANY NAME.
    Our homepage on the Web is located at <a href="YOURWEBSITE">
    YOURWEBSITE</a>.
    The full text of our privacy policy is available on the Web at 
    <a href="ABSOLUTE URL OF THIS FILE">
    ABSOLUTE URL OF THIS FILE</a>
    This policy does not tell users where they can go to exercise their opt-in or opt-out options.
    <p>We invite you to contact us if you have questions about this policy.
    You may contact us by mail at the following address:
    <pre>FIRSTNAME LASTNAME
    YOUR ADDRESS HERE
    </pre>
    <p>You may contact us by e-mail at 
    <a href="mailto:info@YOURMAIL.eu">
    info@YOURMAIL.eu</a>. 
    You may call us at TELEPHONENUMBER.
    <!-- "Privacy Seals" section of privacy policy -->
    <h2>Dispute Resolution and Privacy Seals</h2>
    <p>We have the following privacy seals and/or dispute resolution mechanisms.
    If you think we have not followed our privacy policy in some way, they can help you resolve your concern.
    <ul>
    <li>
    <b>Dispute</b>:
    Contact us for further information
    </ul>
    <!-- "Additional information" section of privacy policy -->
    <h2>Additional Information</h2>
    <p>
    This policy is valid for 1 day from the time that it is loaded by a client.
    </p>
    <!-- "Data Collection" section of privacy policy -->
    <h2>Data Collection</h2>
    <p>P3P policies declare the data they collect in groups (also referred to as "statements").
    This policy contains 1 data group.
    <hr width="50%" align="center">
    <h3>Group "App control data"</h3>
    <p>We collect the following information:
    <ul>
    <li>HTTP cookies</li>
    </ul>
    <p>This data will be used for the following purposes:</p>
    <ul>
    <li>Completion and support of the current activity.</li>
    <li>Web site and system administration.</li>
    <li>Research and development.</li>
    <li>Historical preservation.</li>
    <li>Other purposes<p>Control Flow of the application</p></li>
    </ul>
    <p>This data will be used by ourselves and our agents.
    <p>The data in this group has been marked as non-identifiable. This means that there is no
    reasonable way for the site to identify the individual person this data was collected from.
    <p>The following explanation is provided for why this data is collected:</p>
    <blockquote>This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</blockquote>
    <!-- "Use of Cookies" section of privacy policy -->
    <hr width="50%" align="center">
    <h2>Cookies</h2>
    <p>Cookies are a technology which can be used to provide you with tailored information from a Web site. A cookie is an element of data that a Web site can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it.
    <p>Our site makes use of cookies.
    Cookies are used for the following purposes:
    <ul>
    <li>Site administration
    <li>Completing the user's current activity
    <li>Research and development
    <li>Other
    (Control Flow of the application)
    </ul>
    <!-- "Compact Policy Explanation" section of privacy policy -->
    <hr width="50%" align="center">
    <h2>Compact Policy Summary</h2>
    <p>The compact policy which corresponds to this policy is:
    <pre>
        CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV"
    </pre>
    <p>The following table explains the meaning of each field in the compact policy.
    <center><table width="80%" border="1" cols="2">
    <tr><td align="center" valign="top" width="20%"><b>Field</b></td><td align="center" valign="top" width="80%"><b>Meaning</b></td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>CP=</tt></td>
    <td align="left" valign="top" width="80%">This is the compact policy header; it indicates that what follows is a P3P compact policy.</td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>ALL</tt></td>
    <td align="left" valign="top" width="80%">
    Access to all collected information is available.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>DSP</tt></td>
    <td align="left" valign="top" width="80%">
    The policy contains at least one dispute-resolution mechanism.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>NID</tt></td>
    <td align="left" valign="top" width="80%">
    The information collected is not personally identifiable.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>CURa</tt></td>
    <td align="left" valign="top" width="80%">
    The data is used for completion of the current activity.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>ADMa</tt></td>
    <td align="left" valign="top" width="80%">
    The data is used for site administration.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>DEVa</tt></td>
    <td align="left" valign="top" width="80%">
    The data is used for research and development.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>HISa</tt></td>
    <td align="left" valign="top" width="80%">
    The data is used for historical archival purposes.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>OTPa</tt></td>
    <td align="left" valign="top" width="80%">
    The data is used for other purposes.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>OUR</tt></td>
    <td align="left" valign="top" width="80%">
    The data is given to ourselves and our agents.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>NOR</tt></td>
    <td align="left" valign="top" width="80%">
    The data is not kept beyond the current transaction.
    </td></tr>
    <tr><td align="left" valign="top" width="20%"><tt>NAV</tt></td>
    <td align="left" valign="top" width="80%">
    Navigation and clickstream data is collected.
    </td></tr>
    </table></center>
    <p>The compact policy is sent by the Web server along with the cookies it describes.
    For more information, see the P3P deployment guide at <a href="http://www.w3.org/TR/p3pdeployment">http://www.w3.org/TR/p3pdeployment</a>.
    <!-- "Policy Evaluation" section of privacy policy -->
    <hr width="50%" align="center">
    <h2>Policy Evaluation</h2>
    <p>Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie.
    The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium).
    In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context.
    This section will attempt to evaluate this policy's compact policy against Microsoft's stated behavior for IE6.
    <p><b>Note:</b> this evaluation is currently experimental and should not be considered a substitute for testing with a real Web browser.
    <p><b>Satisfactory policy</b>: this compact policy is considered <em>satisfactory</em> according to the rules defined by Internet Explorer 6.
    IE6 will accept cookies accompanied by this policy under the High, Medium High, Medium, Low, and Accept All Cookies settings.
    </body></html>

    4. Content of policy.p3p
    <?xml version="1.0"?>
    <POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
        <!-- Generated by IBM P3P Policy Editor version Beta 1.12 built 2/27/04 1:19 PM -->
    
        <!-- Expiry information for this policy -->
        <EXPIRY max-age="86400"/>
    
    <POLICY
        name="App"
        discuri="ABSOLUTE URL TO policy.html"
        xml:lang="de">
        <!-- Description of the entity making this policy statement. -->
        <ENTITY>
        <DATA-GROUP>
    <DATA ref="#business.name">COMPANY NAME</DATA>
    <DATA ref="#business.contact-info.online.email">info@YOURMAIL.eu</DATA>
    <DATA ref="#business.contact-info.online.uri">YOURWEBSITE</DATA>
    <DATA ref="#business.contact-info.telecom.telephone.number">YOURPHONENUMBER</DATA>
    <DATA ref="#business.contact-info.postal.organization">FIRSTNAME LASTNAME</DATA>
    <DATA ref="#business.contact-info.postal.street">STREET</DATA>
    <DATA ref="#business.contact-info.postal.city">CITY</DATA>
    <DATA ref="#business.contact-info.postal.stateprov">STATE</DATA>
    <DATA ref="#business.contact-info.postal.postalcode">POSTALCODE</DATA>
    <DATA ref="#business.contact-info.postal.country">Germany</DATA>
        </DATA-GROUP>
        </ENTITY>
    
        <!-- Disclosure -->
        <ACCESS><all/></ACCESS>
    
    
        <!-- Disputes -->
        <DISPUTES-GROUP>
            <DISPUTES resolution-type="service" service="YOURWEBSITE CONTACT FORM" short-description="Dispute">
                <LONG-DESCRIPTION>Contact us for further information</LONG-DESCRIPTION>
        <!-- No remedies specified -->
            </DISPUTES>
        </DISPUTES-GROUP>
    
        <!-- Statement for group "App control data" -->
        <STATEMENT>
            <EXTENSION optional="yes">
                <GROUP-INFO xmlns="http://www.software.ibm.com/P3P/editor/extension-1.0.html" name="App control data"/>
            </EXTENSION>
    
        <!-- Consequence -->
        <CONSEQUENCE>
    This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</CONSEQUENCE>
    
        <!-- Data in this statement is marked as being non-identifiable -->
        <NON-IDENTIFIABLE/>
    
        <!-- Use (purpose) -->
        <PURPOSE><admin/><current/><develop/><historical/><other-purpose>Control Flow of the application</other-purpose></PURPOSE>
    
        <!-- Recipients -->
        <RECIPIENT><ours/></RECIPIENT>
    
        <!-- Retention -->
        <RETENTION><no-retention/></RETENTION>
    
        <!-- Base dataschema elements. -->
        <DATA-GROUP>
        <DATA ref="#dynamic.cookies"><CATEGORIES><navigation/></CATEGORIES></DATA>
        </DATA-GROUP>
    </STATEMENT>
    
    <!-- End of policy -->
    </POLICY>
    </POLICIES>
    
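    Added example (not code from any of the answers above) that ties the Apache one-liner and the index.php/policy.p3p answer together: it builds the P3P header the way index.php sends it, parses a received header back into its policyref and CP tokens (so you can check what a server actually emits), and serves a cookie and the P3P header on the same response from a small WSGI app. The token vocabulary is assumed to be just the one the policy.html table lists plus DEM from index.php; the app, port and cookie name are constructed for the example.

```python
"""P3P header helper for an iframe response (added example, not from the original answers)."""
import re
from wsgiref.simple_server import make_server

# Compact-policy tokens documented in the policy.html table above, plus DEM from index.php.
# Assumption: anything outside this set is treated as a typo for our own sanity check.
KNOWN_TOKENS = {"ALL", "DSP", "NID", "CURa", "ADMa", "DEVa", "HISa", "OTPa",
                "OUR", "NOR", "NAV", "DEM"}

def build_p3p_header(policyref, cp_tokens):
    """Return the header value in the form index.php sends: policyref="...", CP="...".
    Rejects tokens we do not know so a mistyped policy is caught before deployment."""
    unknown = sorted(set(cp_tokens) - KNOWN_TOKENS)
    if unknown:
        raise ValueError(f"unknown compact-policy tokens: {unknown}")
    return f'policyref="{policyref}", CP="{" ".join(cp_tokens)}"'

_PART = re.compile(r'(policyref|CP)="([^"]*)"', re.IGNORECASE)

def parse_p3p_header(value):
    """Split a P3P header into its policyref URL (None if absent) and the CP token list.
    Works for the Apache form too, which carries only a CP part."""
    parts = {key.lower(): val for key, val in _PART.findall(value)}
    return {"policyref": parts.get("policyref"), "cp": parts.get("cp", "").split()}

FULL_CP = ["ALL", "DSP", "NID", "CURa", "ADMa", "DEVa", "HISa", "OTPa", "OUR", "NOR", "NAV", "DEM"]

def app(environ, start_response):
    """Iframe response: the session cookie and the P3P header travel on the same
    response, which is the pairing IE's compact-policy evaluation looks at."""
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Set-Cookie", "sid=constructed-example; Path=/; HttpOnly"),  # constructed cookie
        ("P3P", build_p3p_header("/w3c/p3p.xml", FULL_CP)),
    ]
    start_response("200 OK", headers)
    return [b"<p>iframe content</p>"]

if __name__ == "__main__":
    make_server("127.0.0.1", 8000, app).serve_forever()  # assumed local port
```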
  • 2020-11-22 01:19

    I was investigating this problem with regard to log-off via Azure Access Control Services, and wasn't able to make heads or tails of anything.

    Then I stumbled over this post: https://blogs.msdn.microsoft.com/ieinternals/2011/03/10/beware-cookie-sharing-in-cross-zone-scenarios/

    In short, IE doesn't share cookies across zones (e.g. Internet vs. Trusted sites).

    So, if your IFrame target and HTML page are in different zones, P3P won't help with anything.
