检查是否已启用第三方Cookie [英] Check if third-party cookies are enabled
问题描述
我有一个应用程序需要检查客户端浏览器是否启用了第三方Cookie。
技术背景
第三方设置&
因此,我们需要向外部网域发出两个请求,以测试是否启用了第三方Cookie:
- 第三方设置Cookie的位置
- 第二个,响应取决于浏览器
我们不能使用XMLHTTPRequest(Ajax),因为DOM安全模型。
很明显,您无法并行加载这两个脚本,或者可能在第一个请求的响应之前发出第二个请求
代码示例
给定:
-
.html档案位于一个网域, p> -
li>.js.php档案位于第二个网域,我们有:
HTML测试页
另存为 party-cookies.html
<!DOCTYPE html&
< html>
< head id =head>
< meta charset = utf-8 />
< title>测试第三方Cookie是否已启用< / title>
< style type =text / css>
body {
color:black;
background:white none;
}
.error {
color:#c00;
}
.loading {
color:#888;
}
.hidden {
display:none;
}
< / style>
< script type =text / javascript>
window._3rd_party_test_step1_loaded = function(){
//现在,第三方域现在尝试设置一个cookie(如果所有都进行计划)
var step2Url =' http://third-party.example.com/step2.js.php',
resultsEl = document.getElementById('3rd_party_cookie_test_results'),
step2El = document.createElement('script');
//更新加载/结果消息
resultsEl.innerHTML ='第一阶段完成,加载阶段2& hellip;';
//加载测试的第二部分(读取cookie)
step2El.setAttribute('src',step2Url);
resultEl.appendChild(step2El);
}
window._3rd_party_test_step2_loaded = function(cookieSuccess){
var resultsEl = document.getElementById('3rd_party_cookie_test_results'),
errorEl = document.getElementById('3rd_party_cookie_test_error');
//显示消息
resultsEl.innerHTML =(cookieSuccess?'第三方Cookie在您的浏览器中是< b>功能< / b>':'第三方Cookie似乎是< b&禁用< / b>。
// Done,so remove loading class
resultsEl.className = resultsEl.className.replace(/ \bloading\b /,'');
//删除错误消息
errorEl.className ='hidden';
}
< / script>
< / head>
< body id =thebody>
< h1>测试第三方Cookie是否已启用< / h1>
< p id =3rd_party_cookie_test_resultsclass ='loading'> Testing& hellip;< / p>
< p id =3rd_party_cookie_test_errorclass =error hidden>(如果此消息仍然存在,则无法完成测试;我们无法联系到第三方进行测试,或发生其他错误)。 < / p>
< script type =text / javascript>
window.setTimeout(function(){
var errorEl = document.getElementById('3rd_party_cookie_test_error');
if(errorEl.className.match(/ \berror\b /)) {
//显示错误讯息
errorEl.className = errorEl.className.replace(/ \bhidden\b /,'');
} else {
}
},7 * 1000); // 7秒timeout
< / script>
< script type =text / javascriptsrc =http://third-party.example.com/step1.js.php>< / script>
< / body>
< / html>
第一个第三方JavaScript文件
另存为 step1.js.php
这是用PHP编写的,所以我们可以将Cookie设置为文件加载。 (它当然可以用任何语言编写,甚至可以在服务器配置文件中完成。)
<?php
header('Content-Type:application / javascript; charset = UTF-8');
//设置测试cookie
setcookie('third_party_c_t','hey there!',time()+ 3600 * 24 * 2);
?>
window._3rd_party_test_step1_loaded();
第二个第三方JavaScript文件
保存为 step2.js.php
这是用PHP编写的,所以我们可以读取cookies,服务器端,我们回应之前。我们也清除了cookie,所以测试可以重复(如果你想弄乱浏览器设置并重试)。
<?php
header('Content-Type:application / javascript; charset = UTF-8');
//读取测试cookie,如果有
$ cookie_received =(isset($ _ COOKIE ['third_party_c_t'])&& $ _COOKIE ['third_party_c_t'] =='hey there!
//清除它,所以用户可以再次测试
setcookie('third_party_c_t','',time() - 3600 * 24);
?>
window._3rd_party_test_step2_loaded(<?php echo($ cookie_received?'true':'false');?>);
最后一行使用三元运算符输出一个文本Javascript true 或 false 。
在此处测试。
可用欢迎您访问 https://dl.dropbox.com/u/105727 /web/3rd/third-party-cookies.html 。
(最后注意 - 不要使用他人的服务器
强烈>在未经他们允许的情况下测试第三方Cookie,可能会自动中断或注入恶意软件,而且很粗鲁。)I have an application that needs to check whether the client browser has third-party-cookies enabled. Does anyone know how to do this in JavaScript?
Technical Background
The third party sets & reads cookies over HTTP (not in JavaScript).
So we need two requests to an external domain to test if third-party cookies are enabled:
- One where the third party sets the cookie(s)
- The second, with a differing response depending on whether the browser sent the cookie(s) back to the same third party in a second request.
We cannot use XMLHTTPRequest (Ajax) because of the DOM security model.
Obviously you can't load both scripts in parallel, or the second request may be made before the first request’s response makes it back, and the test cookie(s) will not have been set.
Code Example
Given:
The
.htmlfile is on one domain, andThe
.js.phpfiles are on a second domain, we have:
The HTML test page
Saved as third-party-cookies.html
<!DOCTYPE html>
<html>
<head id="head">
<meta charset=utf-8 />
<title>Test if Third-Party Cookies are Enabled</title>
<style type="text/css">
body {
color: black;
background: white none;
}
.error {
color: #c00;
}
.loading {
color: #888;
}
.hidden {
display: none;
}
</style>
<script type="text/javascript">
window._3rd_party_test_step1_loaded = function(){
// At this point, a third-party domain has now attempted to set a cookie (if all went to plan!)
var step2Url = 'http://third-party.example.com/step2.js.php',
resultsEl = document.getElementById('3rd_party_cookie_test_results'),
step2El = document.createElement('script');
// Update loading / results message
resultsEl.innerHTML = 'Stage one complete, loading stage 2…';
// And load the second part of the test (reading the cookie)
step2El.setAttribute('src', step2Url);
resultsEl.appendChild(step2El);
}
window._3rd_party_test_step2_loaded = function(cookieSuccess){
var resultsEl = document.getElementById('3rd_party_cookie_test_results'),
errorEl = document.getElementById('3rd_party_cookie_test_error');
// Show message
resultsEl.innerHTML = (cookieSuccess ? 'Third party cookies are <b>functioning</b> in your browser.' : 'Third party cookies appear to be <b>disabled</b>.');
// Done, so remove loading class
resultsEl.className = resultsEl.className.replace(/\bloading\b/,' ');
// And remove error message
errorEl.className = 'hidden';
}
</script>
</head>
<body id="thebody">
<h1>Test if Third-Party Cookies are Enabled</h1>
<p id="3rd_party_cookie_test_results" class='loading'>Testing…</p>
<p id="3rd_party_cookie_test_error" class="error hidden">(If this message persists, the test could not be completed; we could not reach the third-party to test, or another error occurred.)</p>
<script type="text/javascript">
window.setTimeout(function(){
var errorEl = document.getElementById('3rd_party_cookie_test_error');
if(errorEl.className.match(/\berror\b/)) {
// Show error message
errorEl.className = errorEl.className.replace(/\bhidden\b/,' ');
} else {
}
}, 7*1000); // 7 sec timeout
</script>
<script type="text/javascript" src="http://third-party.example.com/step1.js.php"></script>
</body>
</html>
The first third-party JavaScript file
Saved as step1.js.php
This is written in PHP so we can set cookies as the file loads. (It could, of course, be written in any language, or even done in server config files.)
<?php
header('Content-Type: application/javascript; charset=UTF-8');
// Set test cookie
setcookie('third_party_c_t', 'hey there!', time() + 3600*24*2);
?>
window._3rd_party_test_step1_loaded();
The second third-party JavaScript file
Saved as step2.js.php
This is written in PHP so we can read cookies, server-side, before we respond. We also clear the cookie so the test can be repeated (if you want to mess around with browser settings and re-try).
<?php
header('Content-Type: application/javascript; charset=UTF-8');
// Read test cookie, if there
$cookie_received = (isset($_COOKIE['third_party_c_t']) && $_COOKIE['third_party_c_t'] == 'hey there!');
// And clear it so the user can test it again
setcookie('third_party_c_t', '', time() - 3600*24);
?>
window._3rd_party_test_step2_loaded(<?php echo ($cookie_received ? 'true' : 'false'); ?>);
The last line uses the ternary operator to output a literal Javascript true or false depending on whether the test cookie was present.
Test it here.
Available for your testing pleasure at https://dl.dropbox.com/u/105727/web/3rd/third-party-cookies.html.
(As a final note — don’t use someone else’s server to test third-party cookies without their permission. It could break spontaneously, or inject malware. And it’s rude.)
这篇关于检查是否已启用第三方Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
