P3P政策无法在IE中允许第三方Cookie [英] P3P Policy not working to allow 3rd party cookies in IE

问题描述

预先感谢您帮助首次发布者.我整天都在墙上撞头...

Thanks in advance for helping a first-time poster. I've been banging my head on the wall all day...

我有一个网站，必须能在框架内运行时运行并设置Cookie.在IE中，使用默认的安全设置，这是一个问题，因为框架网站的Cookie被视为第三方.现在，我已经阅读了有关P3P的所有信息，并创建了一个紧凑的隐私策略，该策略通过HTTP标头，XML策略文件和XML参考文件提供.我已经检查过，并且标题已正确发送，并且IE可以读取策略文件.

I have a site that must be able to function and set cookies while running inside a frame. In IE, with default security settings, this is a problem, because a framed site's cookies are treated as third party. Now, I've read all the info on P3P, and I've created a compact privacy policy, served via HTTP header, an XML policy file, and an XML reference file. I have checked, and the header is being sent properly, and IE can read the policy file.

但是，它仍然阻止该站点的cookie.我在这里创建了一个简化的示例: http://www.hankshelper.com/privtest.php 请注意，框架站点中的cookie被IE(6、7和8)阻止.

However, it is STILL blocking cookies from the site. I've created a stripped-down example here: http://www.hankshelper.com/privtest.php Note that cookies in the framed site are being blocked by IE (6, 7, and 8).

如果有人可以查看我的紧凑型政策

If anyone could check out my compact policy

Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR NID DEVi OUR BUS INT\""

和/或XML政策 http://www.searchtempest.com/w3c/searchtempest.xml

让我知道wtf，我将永远感激不已.我已将它们尽可能地精简了，但是我看不到IE会有任何问题. (当然，就其为什么阻止cookie而言，IE本身也非常冗长.)我很乐意提供您需要的任何其他信息.

and let me know wtf, I would be eternally grateful. I've stripped them down as much as possible, and I just can't see anything that IE would have a problem with. (And of course IE itself is wonderfully verbose as far as exactly WHY it's blocking cookies...) I'm happy to provide any additional information you need.

推荐答案

我不确定我们最初的紧凑型政策的哪一部分被拒绝了，但是我终于能够在其他一些资源的帮助下解决了这个问题.

I'm not certain what part of our original compact policy was being rejected, but I was finally able to solve this problem with the help of couple other resources.

从此处:

这大约是所需的最小HTTP标头，基本上 说我们不会收集您的任何个人数据":

This is approximately the minimum HTTP header needed, and it basically says "We’re not collecting any of your personal data":

P3P:CP ="NID DSP ALL COR"

P3P: CP="NID DSP ALL COR"

如果您实际上存储了一些数据，例如电子邮件地址和登录名 Cookie，此(也可行的)政策可能更正确:

If you actually store some data, such as email addresses and login cookies, this (also working) policy may be more correct:

P3P:CP =所有ADM DEV PSAi COM OUR OTRO STP IND ONL"

P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"

我们最终使用的政策是

ALL ADM DEV PSAo COM OUR OTRo IND ONL

所有紧凑型策略参数的描述都可以在这里找到: http://www.p3pwriter.com/LRN_111.asp

Descriptions of all the compact policy parameters can be found here: http://www.p3pwriter.com/LRN_111.asp

这篇关于P3P政策无法在IE中允许第三方Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！