检查是否启用了第三方 cookie [英] Check if third-party cookies are enabled

查看:42
本文介绍了检查是否启用了第三方 cookie的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个应用程序需要检查客户端浏览器是否启用了第三方 cookie.有谁知道如何在 JavaScript 中做到这一点?

I have an application that needs to check whether the client browser has third-party-cookies enabled. Does anyone know how to do this in JavaScript?

推荐答案

技术背景

第三方套&通过 HTTP 读取 cookie(不是在 JavaScript 中).

Technical Background

The third party sets & reads cookies over HTTP (not in JavaScript).

所以我们需要向外部域发出两个请求来测试是否启用了第三方 cookie:

So we need two requests to an external domain to test if third-party cookies are enabled:

  1. 第三方设置 cookie 的地方
  2. 第二个,根据浏览器是否在第二个请求中将 cookie 发送回同一个第三方,响应不同.

由于 DOM 安全模型,我们不能使用 XMLHTTPRequest (Ajax).

We cannot use XMLHTTPRequest (Ajax) because of the DOM security model.

显然你不能同时加载两个脚本,或者第二个请求可能在第一个请求的响应返回之前,并且测试 cookie 将不会被设置.

Obviously you can't load both scripts in parallel, or the second request may be made before the first request’s response makes it back, and the test cookie(s) will not have been set.

给定:

  1. .html 文件在一个域中,并且

  1. The .html file is on one domain, and

.js.php 文件位于第二个域中,我们有:

The .js.php files are on a second domain, we have:

HTML 测试页

另存为third-party-cookies.html

<!DOCTYPE html>
<html>
<head id="head">
  <meta charset=utf-8 />
  <title>Test if Third-Party Cookies are Enabled</title>
<style type="text/css">
body {
  color: black;
  background: white none;
}
.error {
  color: #c00;
}
.loading {
  color: #888;
}
.hidden {
  display: none;
}
</style>
<script type="text/javascript">
window._3rd_party_test_step1_loaded = function(){
  // At this point, a third-party domain has now attempted to set a cookie (if all went to plan!)
  var step2Url = 'http://third-party.example.com/step2.js.php',
    resultsEl = document.getElementById('3rd_party_cookie_test_results'),
    step2El = document.createElement('script');

  // Update loading / results message
  resultsEl.innerHTML = 'Stage one complete, loading stage 2&hellip;';
  // And load the second part of the test (reading the cookie)
  step2El.setAttribute('src', step2Url);
  resultsEl.appendChild(step2El);
}
window._3rd_party_test_step2_loaded = function(cookieSuccess){
  var resultsEl = document.getElementById('3rd_party_cookie_test_results'),
    errorEl = document.getElementById('3rd_party_cookie_test_error');
  // Show message
  resultsEl.innerHTML = (cookieSuccess ? 'Third party cookies are <b>functioning</b> in your browser.' : 'Third party cookies appear to be <b>disabled</b>.');

  // Done, so remove loading class
  resultsEl.className = resultsEl.className.replace(/loading/,' ');
  // And remove error message
  errorEl.className = 'hidden';
}
</script>
</head>
<body id="thebody">

  <h1>Test if Third-Party Cookies are Enabled</h1>

  <p id="3rd_party_cookie_test_results" class='loading'>Testing&hellip;</p>
  <p id="3rd_party_cookie_test_error" class="error hidden">(If this message persists, the test could not be completed; we could not reach the third-party to test, or another error occurred.)</p>

  <script type="text/javascript">
  window.setTimeout(function(){
    var errorEl = document.getElementById('3rd_party_cookie_test_error');
    if(errorEl.className.match(/error/)) {
      // Show error message
      errorEl.className = errorEl.className.replace(/hidden/,' ');
    } else {
    }
  }, 7*1000); // 7 sec timeout
  </script>
  <script type="text/javascript" src="http://third-party.example.com/step1.js.php"></script>
</body>
</html>

第一个第三方 JavaScript 文件

另存为step1.js.php

这是用 PHP 编写的,因此我们可以在文件加载时设置 cookie.(当然,它可以用任何语言编写,甚至可以在服务器配置文件中完成.)

This is written in PHP so we can set cookies as the file loads. (It could, of course, be written in any language, or even done in server config files.)

<?php
  header('Content-Type: application/javascript; charset=UTF-8');
  // Set test cookie
  setcookie('third_party_c_t', 'hey there!', time() + 3600*24*2);
?>
window._3rd_party_test_step1_loaded();

第二个第三方 JavaScript 文件

另存为step2.js.php

这是用 PHP 编写的,因此我们可以在响应之前读取服务器端的 cookie.我们还清除了 cookie,以便可以重复测试(如果您想修改浏览器设置并重试).

This is written in PHP so we can read cookies, server-side, before we respond. We also clear the cookie so the test can be repeated (if you want to mess around with browser settings and re-try).

<?php
  header('Content-Type: application/javascript; charset=UTF-8');
  // Read test cookie, if there
  $cookie_received = (isset($_COOKIE['third_party_c_t']) && $_COOKIE['third_party_c_t'] == 'hey there!');
  // And clear it so the user can test it again 
  setcookie('third_party_c_t', '', time() - 3600*24);
?>
window._3rd_party_test_step2_loaded(<?php echo ($cookie_received ? 'true' : 'false'); ?>);

最后一行使用三元运算符输出文字 Javascript truefalse,具体取决于测试 cookie 是否存在.

The last line uses the ternary operator to output a literal Javascript true or false depending on whether the test cookie was present.

可在 https://alanhogan 获得测试乐趣.github.io/web-experiments/3rd/third-party-cookies.html.

(最后一点 - 未经他人许可,请勿使用他人的服务器来测试第三方 cookie.它可能会自发中断或注入恶意软件.这是不礼貌的.)

(As a final note — don’t use someone else’s server to test third-party cookies without their permission. It could break spontaneously or inject malware. And it’s rude.)

这篇关于检查是否启用了第三方 cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆