Iframe, cross-domain cookies, p3p policy, and safari with error: A required anti-forgery token was not supplied or was invalid

Question

I asked this question (http://stackoverflow.com/questions/5304056/antiforgery-token-exception-only-when-debugger-is-run) a while back and found that IE blocks cross-domain cookies in an iframe unless you set a p3p policy. So far, the p3p fix has worked beautifully in IE. However, now we are getting the same error in Safari.

I found an article (http://www.pearltrees.com/#/N-play=1&N-u=1_2&N-p=4967389&N-s=1_797755&N-f=1_797755&N-fa=2) with a different p3p policy for Safari. I added this code to set up the p3p policy, but I am still getting a request verification token error.

public static void SetP3PCompactPolicy()
{
    HttpContext current = HttpContext.Current;

    // UserAgent is null when the client sends no User-Agent header.
    string userAgent = (current.Request.UserAgent ?? string.Empty).ToLower();

    // Note: Chrome's user agent string also contains "safari".
    if (userAgent.IndexOf("safari") >= 0)
        current.Response.AddHeader("p3p", "CP=\"IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\"");
    else
        current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}

I'm not sure what any of that means, but it isn't working for Safari (5).

Also, when I get a server error, all information is sent to me in a report, including all the HTTP headers. The p3p header never comes through in these errors. I'm not sure if that is by design or if it is an indicator of the issue going on.

Recommended answer

The issue is that Safari does not allow a cookie to be set in an iframe unless the user interacts with that iframe. For some, that means clicking a link. I found a better solution which is to do a redirect.

First, I put this form on my page. Actually, I put it in the masterpage that is used by every view served in the iframe.

<% if(SecurityHelper.BrowserIsSafari) { %>
    <% using (Html.BeginForm("SafariRedirect", "Framed", FormMethod.Post, new { id="safari-fix-form" })) { %>
       <%: Html.Hidden("safariRedirectUrl")%>
    <% } %>
<% } %>

Because I only want this to work when the user is using Safari, I created this property in a static helper class to check the user agent:

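public static bool BrowserIsSafari
{
    // UserAgent is null when no User-Agent header is sent; Chrome's user agent also contains "safari".
    get { return (HttpContext.Current.Request.UserAgent ?? string.Empty).ToLower().IndexOf("safari") >= 0; }
}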

Then, in my controller, I have the following action:

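[HttpPost]
public ActionResult SafariRedirect(string safariRedirectUrl)
{
    // Only redirect back to this site; an unchecked target would make this an open redirect.
    Uri target;
    if (!Uri.TryCreate(safariRedirectUrl, UriKind.Absolute, out target)
        || !string.Equals(target.Host, Request.Url.Host, StringComparison.OrdinalIgnoreCase)
        || (target.Scheme != Uri.UriSchemeHttp && target.Scheme != Uri.UriSchemeHttps))
        throw new HttpException(400, "Invalid redirect URL");

    Response.Cookies.Add(new HttpCookie("safari_cookie_fix", "cookie ok"));

    return Redirect(safariRedirectUrl);
}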

In my masterpage, in the header, I have my script declared within the same if statement that determines if the form is rendered. In my script file, I have this jQuery:

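$(function () {

    // $.browser was removed in jQuery 1.9; this check needs an older jQuery or the jQuery Migrate plugin.
    // The marker cookie is read from document.cookie, so the server must not set it HttpOnly.
    if ($.browser.safari == true && document.cookie.indexOf("safari_cookie_fix") == -1) {
        // Send the current page URL so the server can redirect back here after setting the cookie.
        var url = location.href;

        $('#safariRedirectUrl').val(url);
        $('#safari-fix-form').submit();
    }

});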

The first time the iframe loads a page, if it is Safari and the cookie isn't set, the form is posted, the cookie set, and the user is redirected back to the same URL.
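
The decision the script above makes on page load, as an added example that is not part of the original answer: it matches the `safari_cookie_fix` cookie by exact name and accepts only a same-origin value for `safariRedirectUrl`. The function names and the `app.example.test` host are assumptions made for illustration.

```javascript
// Added example, not code from the original answer. All hosts are constructed.

// True only when a cookie with exactly this name is present in a
// document.cookie-style string. A plain indexOf() would also match
// "x_safari_cookie_fix=1" or any cookie value that contains the name.
function hasCookie(cookieString, name) {
  return cookieString.split(';').some(function (pair) {
    return pair.trim().split('=')[0] === name;
  });
}

// True only when `candidate` resolves to the same scheme, host and port
// as `pageUrl`. Relative paths are resolved against the page; "//host"
// and "javascript:" forms are parsed and then rejected.
function isSameOrigin(candidate, pageUrl) {
  var base, target;
  try {
    base = new URL(pageUrl);
    target = new URL(candidate, base);
  } catch (e) {
    return false; // unparseable input is rejected
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return false;
  }
  return target.origin === base.origin;
}

// What the framed page should do on load:
//   'none'   - marker cookie already set, nothing to do
//   'post'   - submit the fix form with this redirect URL
//   'reject' - redirect URL points somewhere else, do not submit it
function planSafariFix(cookieString, pageUrl, redirectUrl) {
  if (hasCookie(cookieString, 'safari_cookie_fix')) return 'none';
  return isSameOrigin(redirectUrl, pageUrl) ? 'post' : 'reject';
}

// Constructed sample: first load of a framed page, no cookies yet.
var samplePage = 'https://app.example.test/Framed/Index?id=7';
var samplePlan = planSafariFix('', samplePage, samplePage); // 'post'
```

The same rule belongs in the server action that receives `safariRedirectUrl`, because the posted value does not have to come from this script.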
