我可以将P3P响应标头添加到XMLHttpRequest吗?
[英]Can I add a P3P Response Header to XMLHttpRequest?
问题描述
I am using the AjaxFileUpload plugin in my code, but ie8 and ie10 are not sending the Cookie in the request header on the POST to AjaxFileUploadHandler.axd. 
我在代码中使用了AjaxFileUpload插件,但是ie8和ie10不在POST的请求标头中将Cookie发送到AjaxFileUploadHandler.axd。 I see the "eye" icon at the bottom of ie8 and see that AjaxFileUploadHandler.axd is "blobked", so this not sending of the cookie is on purpose. 我在ie8的底部看到“眼睛”图标,并且看到AjaxFileUploadHandler.axd被“ blobked”,因此故意不发送cookie。 I have the tag below in my own web.config, but the issue is the scripts for AjaxFileUpload are pulled in from a dll, and so even with this AjaxFileUploadHandler is still "blocked". 我在自己的web.config中具有以下标记,但是问题是AjaxFileUpload的脚本是从dll中提取的,因此即使AjaxFileUploadHandler仍然被“阻止”。 I downloaded the source code to the AjaxControlToolkit, which creates the dll for the project, and now I am trying to find where I can add the P3P header so that ie can be happy. 我将源代码下载到了AjaxControlToolkit,后者为项目创建了dll,现在我试图找到可以在其中添加P3P标头的位置,以便可以高兴。 I see XMLHttpRequest() in the code of the toolkit, is there any way to add this P3P header to it to satisfy ie? 我在工具箱的代码中看到了XMLHttpRequest(),是否有任何方法可以将P3P标头添加到它中以满足呢?
EDIT: The fix is to comment out iframe.security = "restricted"; 编辑:解决方法是注释掉iframe.security =“ restricted”; I updated the code below. 我更新了下面的代码。
<httpProtocol>
<customHeaders>
<add name="P3P" value='CP="Potato"'/>
</customHeaders>
</httpProtocol>
In particular this issue is with the iframe that the toolkit uses. 特别是此问题与工具包使用的iframe有关。 Is there any way to just add P3P to the iFrame? 有什么方法可以将P3P添加到iFrame吗?
this.createIFrame = function() {
var name = this._iframeName,
iframe = document.createElement("IFRAME");
iframe.width = "0";
iframe.height = "0";
iframe.style.display = "none";
iframe.src = "about:blank";
//iframe.src = "javascript:'<script>window.onload=function(){document.write(\\'<script>document.domain=\\\"" + document.domain + "\\\";<\\\\/script>\\');document.close();};<\/script>'";
iframe.id = name;
iframe.name = name;
//iframe.security = "restricted";
document.body.appendChild(iframe);
iframe.contentWindow.name = name;
$addHandlers(iframe, {
load: Function.createDelegate(this, this.onIFrameLoadedHandler)
});
this._iframe = iframe;
};
this.onIFrameLoadedHandler = function (e) {
/// <summary>
/// Event handler to capture when iframe receive response from server.
/// </summary>
/// <param name="e"></param>
if (!control._currentFileId)
return;
try {
var iframe = this._iframe, doc = null;
// Only test the iframe data, exception should thrown if something went wrong.
if (iframe.contentDocument)
// Firefox, Opera
doc = iframe.contentDocument;
else if (iframe.contentWindow)
// Internet Explorer
doc = iframe.contentWindow.document;
else if (iframe.document)
// Others?
doc = iframe.document;
if (doc == null)
throw "Document not initialized";
// finalizing and upload next file
control.doneAndUploadNextFile(control.getCurrentFileItem());
} catch (e) {
// Cancelation / aborting upload can causing 'Access is denied' or 'Permission denied' on IE 9 bellow,
// let's consider this exception is not trully error exception from server.
if (!control._canceled || !(e.message && (e.message.indexOf("Access is denied") > -1 || e.message.indexOf("Permission denied") > -1))) {
this.raiseUploadError(e);
throw e;
}
}
};
1 个解决方案
解决方案1
0 已采纳 2014-12-15 18:54:36
The fix for this was to remove one little line: 解决此问题的方法是删除一行:
iframe.security = "restricted";
Keeping that line in there makes ie treat the iframe with the same level of security as a site in the user's "Restricted" list. 保持该行不变,即使iframe的安全级别与用户的“受限制”列表中的站点相同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.