Hi,

I've created an application using Google App Engine that integrates with Google Accounts using login/logout URLs as described here: http://code.google.com/appengine/docs/python/users/loginurls.html

Everything works great when running the application directly. You can check out the app here: http://www.paymeplz.com/free

But recently I decided to build a Google Gadget that contains a snippet of my functionality in the "home" Gadget view, and the whole thing in the "canvas" view, using the URL approach to defining my Gadget .xml file as described here: http://code.google.com/apis/gadgets/docs/fundamentals.html#Content_Type

The gadget resides here: http://www.paymeplz.com/gadget.xml

It worked fine under Firefox and Chrome, but when I ran the Gadget under IE I discovered that the login functionality didn't work. I could follow the login URL to the Google Account login page and log in, but when redirected back to my app the users.get_current_user() function would return nothing, as if the user wasn't logged in.

I quickly suspected cookies and dug around to discover that IE, starting with version 6, started blocking "third party" cookies that didn't have a W3C P3P policy. I've never dealt with cookies much before, and I definitely wasn't familiar with P3P policies and how they impact delivery of cookies between servers and browsers. This site describes it well: http://www.p3ptoolbox.org/guide/section2.shtml

After some research into the P3P topic, I realized I needed to configure a P3P policy and deploy it on my App Engine site. A little trial, error and free software from IBM got my policy set up and visible to the browsers, including IE. But my cookies were still getting blocked by IE when running in the iGoogle Gadget container (i.e. a "third party" cookie).

Further research revealed that IE looks not only at the P3P policy files stored on your server, as required by the W3C specification; it also requires a "Compact Policy" to be embedded in the HTTP HEADER response from the server to the browser. A little poking around the Python doc revealed the self.response.headers.add_header() function, which allowed me to send the requisite P3P headers for the Compact Policy. After these steps IE would allow my cookies through. Hooray! Right? Wrong.

Then I found that my cookies were still getting blocked during the login process. Here's why: IE requires both the policy files on the server and the Compact Policy in the HTTP HEADER. And the only way to set the HTTP header is programmatically in the request handler .py program. Handler programs for the URLs used in the login process reside in the reserved _ah directory, which cannot be accessed, as described here: http://code.google.com/appengine/docs/python/tools/configuration.html#Reserved_URLs

So, the pages I emit from my .py programs can get cookies through to IE under a Gadget, but it's all for naught if the crucial login step can't get its cookie through.

Is there any way to set the default HTTP HEADERs for my entire app through some configuration setting? Or is there a way to override the HEADERs in the responses generated by the login programs in _ah? Any other suggestions?

Thanks for your time,
Jim
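
The per-handler header step described in the post can be applied once to every response an application's own handlers emit by wrapping the WSGI application; this is an added example, not code from the original post. The compact policy tokens, the `policyref` path and all names here are assumptions, and the wrapper only sees responses produced by the wrapped application, so it does not reach the reserved `_ah` login URLs the post is asking about.

```python
# Added example: WSGI middleware that attaches a P3P compact policy header
# to every response produced by the wrapped application.

# Constructed placeholder value. The CP tokens must reflect the site's real,
# full P3P policy; the policyref path is an assumed location for that policy.
P3P_VALUE = 'policyref="/w3c/p3p.xml", CP="CAO PSA OUR"'


class P3PMiddleware(object):
    """Wrap a WSGI app so each response carries exactly one P3P header."""

    def __init__(self, app, p3p_value=P3P_VALUE):
        self.app = app
        self.p3p_value = p3p_value

    def __call__(self, environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Drop any P3P header a handler already set, then add ours, so
            # the browser never receives two conflicting compact policies.
            headers = [(k, v) for (k, v) in headers if k.lower() != "p3p"]
            headers.append(("P3P", self.p3p_value))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for a handler that sets a cookie."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "sid=constructed; Path=/")])
    return [b"hello"]


def call_app(app, path="/"):
    """Invoke a WSGI app once; return (status, headers, body) for inspection."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    for name, value in call_app(P3PMiddleware(demo_app))[1]:
        print("%s: %s" % (name, value))
```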
