Does P3P allow parent frame to read my cookies?

徘徊边缘 submitted on 2019-12-05 10:05:16

Question


I am trying to understand the technical implications for setting a compact p3p header in my Facebook application. Someone has said to me that setting the p3p header in my site (iframe) will allow Facebook (parent) to read my cookies.

I do not believe this is the case and from my understanding the p3p is (just) a legal binding between me (as a site owner) and the user (internet explorer).

If someone can point me to authoritative information that explains this (in human-readable words) I'd be very much obliged. I have read through all the W3C documents but could not find what I was looking for.


Answer 1:


No. The P3P header is used so the child frame can access the parent frame's cookies. The P3P header we use is:

P3P: CP="CAO PSA OUR"

I've only noticed P3P policies being checked in IE and Safari browsers - it's not a universally popular standard (to say the least). It's a pain to deal with, but once you know about it, you know about it. I'm not sure how legally binding they are, but you can use the header above to make sure your application works as expected and then modify the actual content to describe what private information you're requesting. We use this tool to generate P3P policies. Exporting the "simple" policy will give you what you need for the header.

Here's a link to Facebook documentation regarding P3P, scroll down to the Cookies in iframes/P3P Header section. Here's a forum post on the subject as well.




Answer 2:


P3P allows you to set 3rd party cookies in IE/Firefox.

It doesn't have anything to do with allowing parent iframe to access child iframe cookies.



Source: https://stackoverflow.com/questions/5462985/does-p3p-allows-parent-frame-to-read-my-cookies
