[
https://issues.apache.org/jira/browse/SHINDIG-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12587593#action_12587593
]
Chris Chabot commented on SHINDIG-161:
--------------------------------------
Added a P3P configuration value to config.php, and added the header to the
gadget renderer. If the value is empty it's ignored, else it sends the
configured header (with the default config value being CP="CAO PSA OUR" ).
Should find its way into the repo in the next few days.
> Add P3P headers for generated Iframes
> -------------------------------------
>
> Key: SHINDIG-161
> URL: https://issues.apache.org/jira/browse/SHINDIG-161
> Project: Shindig
> Issue Type: Improvement
> Components: Gadgets Server - Java, Gadgets Server - PHP
> Reporter: Paul Lindner
>
> iGoogle adds a P3P header
> CP="CAO PSA OUR"
> This apparently exists to deal with this issue:
> http://support.microsoft.com/kb/323752
> SYMPTOMS
> If you implement a FRAMESET whose FRAMEs point to other Web sites on the
> networks of your partners or inside your network, but you use different
> top-level domain names, you may notice in Internet Explorer 6 that any
> cookies you try to set in those FRAMEs appear to be lost. This is most
> frequently experienced as a loss of session state in an Active Server Pages
> (ASP) or ASP.NET Web application. You try to access a variable in the Session
> object that you expect to exist, and a blank string is returned instead.
> You also see this problem in a FRAMEs context if your Web pages alternate
> between the use of Domain Name System (DNS) names and the use of Internet
> Protocol (IP) addresses.
> CAUSE
> Internet Explorer 6 introduced support for the Platform for Privacy
> Preferences (P3P) Project. The P3P standard notes that if a FRAMESET or a
> parent window references another site inside a FRAME or inside a child
> window, the child site is considered third party content. Internet Explorer,
> which uses the default privacy setting of Medium, silently rejects cookies
> sent from third party sites.
> RESOLUTION
> You can add a P3P compact policy header to your child content, and you can
> declare that no malicious actions are performed with the data of the user. If
> Internet Explorer detects a satisfactory policy, then Internet Explorer
> permits the cookie to be set.
> A simple compact policy that fulfills this criteria follows:
> P3P: CP="CAO PSA OUR"
> -----
> question -- is it valid to insert this?
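One way to implement the behaviour described in the comment above (an empty value is ignored, otherwise the configured header is sent), as an added example that is not Shindig's code. The `P3P` config key and both function names are hypothetical, and the value is additionally checked so that a malformed config entry cannot split the response headers.

```php
<?php
// Added example, not Shindig's code. The config key 'P3P' and both function
// names are hypothetical.

/**
 * Build the P3P response header line from a configured value.
 * Returns null when the value is empty (the header is skipped) and throws
 * when the value is not a compact policy or could split the response headers.
 */
function p3p_header_line(?string $configured): ?string
{
    $value = trim((string) $configured);
    if ($value === '') {
        return null; // empty config value: send no header
    }
    // Control characters (CR, LF, NUL, ...) never belong in a header value.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('P3P value contains control characters');
    }
    // Loose shape check (assumption): only the compact-policy form used on
    // this page, CP="TOKEN TOKEN ...", with tokens of 3-4 letters.
    if (!preg_match('/^CP="[A-Za-z]{3,4}(?: [A-Za-z]{3,4})*"$/', $value)) {
        throw new InvalidArgumentException('P3P value is not of the form CP="..."');
    }
    return 'P3P: ' . $value;
}

/** Send the header from the gadget renderer, before any output is written. */
function send_p3p_header(array $config): void
{
    $line = p3p_header_line($config['P3P'] ?? '');
    if ($line !== null && !headers_sent()) {
        header($line);
    }
}

// Constructed sample configurations: the default, an empty value, a bad value.
foreach (['CP="CAO PSA OUR"', '', "CP=\"CAO\"\r\nX-Injected: 1"] as $sample) {
    try {
        var_dump(p3p_header_line($sample));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```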