p3p

iFrames Iexplorer doesn't write or read sessions (or cookies)

会有一股神秘感。 Submitted on 2019-12-13 20:48:47
Question I built a form to submit data step by step. In between steps data is carried on from step 1 to step 2 and so on. That data is needed. 50% of the visitors access the form from different sites using an iframe. Initially the data was stored in cookies. That worked in almost every browser, except iexplorer. I played for days with P3P but gave up. Nothing changed whatsoever. I then read that sessions didn't have this problem. So I changed the whole login system to sessions. Now I am testing the

Commonly used standard request header fields

一笑奈何 Submitted on 2019-12-12 08:46:26
When sending a request to a server there are request headers, and when receiving the server's response there are response headers. All the information the client and server need to exchange with each other is carried in these "headers", which are key:value pairs. Understanding the meaning of the fields in these "headers" helps a great deal in understanding the whole request process. Here the commonly used "header" fields are listed with explanations and examples; this article can be bookmarked as a reference to consult when needed. Commonly used standard request header fields Accept Sets the accepted content types Accept: text/plain Accept-Charset Sets the accepted character encodings Accept-Charset: utf-8 Accept-Encoding Sets the accepted encoding formats Accept-Encoding: gzip, deflate Accept-Datetime Sets the accepted version time Accept-Datetime: Thu, 31 May 2007 20:35:00 GMT Accept-Language Sets the accepted languages Accept-Language: en-US Authorization Sets the credentials for HTTP authentication Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== Cache-Control Sets directives that all caching mechanisms along the request/response chain must obey Cache-Control: no-cache Connection Sets the current connection and hop-by

IE9 Separate cookies for third party request

£可爱£侵袭症+ Submitted on 2019-12-12 00:08:31
Question Even though my P3P headers are correct, IE9 seems to hold a separate list for third party requests. I've added the following P3P header('P3P:CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT", policyref="http://domain/w3c/p3p.xml"') Of course with domain properly set. It's created by the IBM tool. Next to that I've created the p3p xml file and tested it with p3p validation. Once I call a test file stating nothing more than <?php header ('P3P:CP="NOI DSP COR CURa ADMa DEVa

How to configure p3p policy on Azure

主宰稳场 Submitted on 2019-12-11 16:14:51
Question Our app is hosted in Facebook. As you know, Facebook hosts third party apps in an IFrame. You may also know that if a web site is in an Iframe, and the parent website is on a different domain, then 3rd party (cross domain) cookies that do not have a compact policy will be blocked in IE for Medium privacy settings. So one needs to configure a compact p3p policy for a web site. My general question is: What is the recommended way to do this on Azure? I would appreciate any documentation on this. I

Facebook, IE and P3P

心已入冬 Submitted on 2019-12-10 20:57:50
Question For the last few weeks I've been trying to locate a problem with session cookie saving in IE. Our application is running inside an iFrame, so the cookies are considered 3rd party. I'm aware of the P3P header required by IE 6 and 7, but for some reason I still see many IE6/7 users which never save cookies. I'm also unable to reproduce it on our own machines. I tried the following P3P header: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\" Does anyone know the exact

Google Server gives a server error with the first request in private browsing mode

别来无恙 Submitted on 2019-12-10 17:57:09
Question Whenever I run the url https://scholar.google.com/citations?user=N7m4vIQAAAAJ&hl=en in private windows of Safari and Google Chrome, Google gives an error. It happens only on the first request with private browsing mode. Does anybody know why this happens only in this specific environment? This has been happening since 3 days ago. -- an error message and a capture Server Error We're sorry but it appears that there has been an internal server error while processing your request. Our engineers have been

P3P Policy not working to allow 3rd party cookies in IE

青春壹個敷衍的年華 Submitted on 2019-12-09 05:54:56
Question Thanks in advance for helping a first-time poster. I've been banging my head on the wall all day... I have a site that must be able to function and set cookies while running inside a frame. In IE, with default security settings, this is a problem, because a framed site's cookies are treated as third party. Now, I've read all the info on P3P, and I've created a compact privacy policy, served via HTTP header, an XML policy file, and an XML reference file. I have checked, and the header is being

Common Web attack techniques: CSRF attacks

人盡茶涼 Submitted on 2019-12-07 00:26:48
1. What is a CSRF attack? Cross-Site Request Forgery (CSRF): a malicious website uses a script to make malicious requests to the URLs of other pages open in the current user's browser. Because cookies are visible within the same browser process, the user's identity is hijacked and the operations specified in the malicious site's script are carried out. Although it sounds somewhat similar to XSS (cross-site scripting), CSRF is in fact very different from XSS: XSS exploits the trusted users within a site, whereas CSRF exploits a trusted website by forging requests that appear to come from a trusted user. You can think of a CSRF attack this way: the attacker hijacks your identity and sends malicious requests to a third-party website in your name. What CSRF can do includes sending emails, sending text messages and making transactions or transfers under your identity, and even stealing your account. 2. How a CSRF attack works The principle of a CSRF attack is shown in the figure below. First, user C browses to and logs in to trusted site A; once the login information has been verified, site A includes a logged-in cookie in the information returned to the browser, and the cookie is stored on the browser side for a certain time (as configured by the server); after this step, without logging out of site A (clearing site A's cookie), the user visits malicious site B; a page on malicious site B then makes a request to site A, and this request carries site A's cookie stored in the browser; based on the cookie carried by the request, site A judges that the request was sent by user C. Therefore, site A processes the request made by malicious site B according to user C's permissions

Zend Framework - Internet Explorer - phpsessid cookie issue

馋奶兔 Submitted on 2019-12-05 20:03:06
I've created a session-intensive Zend Framework Website App. It works great in Chrome and Firefox but it is not working in IE. The session resets on every page in IE. Looking into the headers I find that the IE browser is getting a different phpsessid cookie in every get or post within the same browser, so the session is not working. In FF and Chrome the phpsessid cookie persists ok. Does anyone know why this can happen only in IE? I have this code in bootstrap.php: $generalSession = new Zend_Session_Namespace('MyNameHere'); $generalSession->setExpirationSeconds(1000 * 60); I recover the session using:

Does p3p allow the parent frame to read my cookies?

徘徊边缘 Submitted on 2019-12-05 10:05:16
Question I am trying to understand the technical implications of setting a compact p3p header in my Facebook application. Someone has said to me that setting the p3p header in my site (iframe) will allow Facebook (parent) to read my cookies. I do not believe this is the case, and from my understanding the p3p is (just) a legal binding between me (as a site owner) and the user (internet explorer). If someone can point me to authoritative information that explains this (in human readable words) I'd be