在HTML中设置P3P代码 [英] Set P3P code in HTML
问题描述
我已经研究过这个主题了。但有一件事我不明白,如果可以在纯HTML中设置P3P标签?就在第一个标签之前。
我试图获得一个iFrame登录解决方案在IE中工作。
我刚刚在PHP,ASP.NET等中发现了代码示例,但不是纯HTLM,如果甚至可能的话。
不幸的是,我遇到了同样的问题,最近试图从AWS S3提供静态HTML。 ,不可设置压缩策略而不发送服务器端响应头。
这意味着您不能静态设置压缩策略保留HTML内容。
第2.4节。 2的P3P部署文档明确提到这个(强调我的):
网站只有一种服务于紧凑政策的机制;它们作为HTTP响应标头发送。因此,如果某个网站无法或不愿意添加HTTP响应标头,则无法使用紧缩政策。 HTML元素META与http-equiv属性有时用于模拟将HTTP标头添加到HTML内容的效果。 ...不应该使用http-equiv机制来发送P3P紧凑策略标头,因为这些信息可能在客户端已经处理响应中的Cookie之后才会提供给客户端。
和< link rel =P3Pv1href =...> 元素无法设置Compact政策要么 - 它必须是响应标题。
底线是这样的:
您是否能够发送 p3p 响应头?
-
是:否则:您运气不好,无法设置精简政策。
对于Amazon S3:
p3p 标题被认为是一个用户定义的键,所以它只能被添加为 x-amz-meta-p3p 。
由于 x-amz-meta-p3p != p3p 浏览器将不会接受它作为正确的标题。
因此,您无法设置精简策略关于AWS S3内容。
I've researched this subject alot. But one thing I don't get if it is possible to set a P3P tag in plain HTML? Just before the first -tag.
Im trying to get an iFrame-login solution to work in IE.
I have just found code example in PHP, ASP.NET and so on but not in plain HTLM, if that is even possible.
I've encountered the same issue recently trying to serve static HTML from AWS S3.
Unfortunately, it is not possible to set Compact Policies without sending server-side response headers.
This means that you cannot set a Compact Policy on staticly-served HTML content.
Section 2.4.2 of the P3P deployment document explicitly mentions this (emphasis mine):
There is only one mechanism for sites to serve compact policies; they are sent as HTTP response headers. Thus, if a site is unable or unwilling to add HTTP response headers, compact policies cannot be used.
The HTML element META with the http-equiv attribute is sometimes used to simulate the effect of adding HTTP headers to HTML content. ... the http-equiv mechanism should not be used to send a P3P compact policy header, as this information may not be available to a client until after it has processed the cookies in the response.
The <meta http-equiv='p3p' content='CP="..."'/> and <link rel="P3Pv1" href="..."> elements cannot set the Compact Policy either - it must be a response header.
The bottom line is this:
Are you able to send the p3p response header?
Yes: Add the header with the appropriate policy and you are done.
No: You are out of luck and are unable to set a Compact Policy.
For Amazon S3:
The p3p header is considered a user-defined key so it can only be added as x-amz-meta-p3p.
Since x-amz-meta-p3p != p3p the browser will not accept it as the correct header.
Therefore you cannot set a Compact Policy on AWS S3 content.
这篇关于在HTML中设置P3P代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
