问题
I've researched this subject alot. But one thing I don't get if it is possible to set a P3P tag in plain HTML? Just before the first -tag.
Im trying to get an iFrame-login solution to work in IE.
I have just found code example in PHP, ASP.NET and so on but not in plain HTLM, if that is even possible.
回答1:
I've encountered the same issue recently trying to serve static HTML from AWS S3.
Unfortunately, it is not possible to set Compact Policies without sending server-side response headers.
This means that you cannot set a Compact Policy on staticly-served HTML content.
Section 2.4.2 of the P3P deployment document explicitly mentions this (emphasis mine):
There is only one mechanism for sites to serve compact policies; they are sent as HTTP response headers. Thus, if a site is unable or unwilling to add HTTP response headers, compact policies cannot be used.
The HTML element META with the http-equiv attribute is sometimes used to simulate the effect of adding HTTP headers to HTML content. ... the http-equiv mechanism should not be used to send a P3P compact policy header, as this information may not be available to a client until after it has processed the cookies in the response.
The <meta http-equiv='p3p' content='CP="..."'/>
and <link rel="P3Pv1" href="...">
elements cannot set the Compact Policy either - it must be a response header.
The bottom line is this:
Are you able to send the p3p
response header?
Yes: Add the header with the appropriate policy and you are done.
No: You are out of luck and are unable to set a Compact Policy.
For Amazon S3:
The p3p
header is considered a user-defined key so it can only be added as x-amz-meta-p3p
.
Since x-amz-meta-p3p
!= p3p
the browser will not accept it as the correct header.
Therefore you cannot set a Compact Policy on AWS S3 content.
来源:https://stackoverflow.com/questions/24410195/set-p3p-code-in-html