
P3P set header for IE8 doesn't seem to work

The below P3P setHeader code is present in my CASresponse jsp but doesn't seem to work,

response.setHeader("P3P", "policyref=\"http://sso.mydomain.net/w3c/p3p.xml\", CP=\"CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

Am I missing something here? I am not able to get my third party cookies in IE8.

Is policyref required in the header? Should I set a P3P policy for my domain?

Since it's a CAS request, should I set it when all requests come into CAS?? Say I have entryFilter.java, should I set the P3P header there?? Or after the cookie gets created.

I am not able to retain the cookies when IE does a 302 redirect to my serviceUrl.

The short answer first :)

You can add the header simply as

response.setHeader("P3P", "CP=\"CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

but as you need the header on all the resources, better go for the filter

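import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class P3PFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        // Add the header before the chain runs, while the response is still uncommitted.
        resp.addHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
        filterChain.doFilter(req, resp);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}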

The long answer

I was suffering from the same issue a while back. Probably just like you, I've done my homework and developed a fair understanding of what P3P policy is and how it is meant to be used. What I was referencing at the time are

Official links

http://www.w3.org/P3P/

http://p3ptoolbox.com/guide/

Notable blogs

http://www.marco.org/2007/04/27/p3p-sucks-how-to-get-frame-cookies-unblocked-in-ie6

http://www.techrepublic.com/blog/software-engineer/craft-a-p3p-policy-to-make-ie-behave/

Notable SO questions

Cookie blocked/not saved in IFRAME in Internet Explorer

P3P Policy not working to allow 3rd party cookies in IE

Despite all this I was still failing to make it work properly. What I was failing to realize, and what I eventually learned with the help of this amazing book is that, quote

in order to set third-party cookies for Internet Explorer users (with default security settings), you need to return a special P3P HTTP header with your resources that declares how your service intends to employ user data. This header needs to be returned with ALL HTTP responses for your resources, not just those that set cookies. This means static resources, AJAX endpoints, iframes—everything.

I suspect that this could be your issue as well, the P3P policy I use is almost exactly the same as yours, so you're not getting denied over an invalid policy.

I set my header without a URL to a p3p policy, as said in a techrepublic blog

IE does not compare the compact policy to the full-format policy, and the full-format policy is not needed

and this has proven true in my tests. This would mean that you can add the header simply as

response.setHeader("P3P", "CP=\"CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

However, as you need it in all the responses, better write a filter, something like

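import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class P3PFilter implements Filter {

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse resp = (HttpServletResponse) res;
        // Add the header before the chain runs, while the response is still uncommitted.
        resp.addHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
        filterChain.doFilter(req, resp);
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}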

and applied a filter to all requests.

<filter>
    <filter-name>P3P Filter</filter-name>
    <filter-class>your.package.P3PFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>P3P Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
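To check the "ALL HTTP responses" point from the answer above against a deployed flow, the following is an added example (not part of the original answers) that audits captured response heads for a missing compact policy. The response heads, the app.example.test host, the paths and the ticket values are constructed sample data, and the check assumes, as the answer describes, that IE evaluates only the CP field.

```python
import re

# Constructed response heads for a CAS-style login flow; hosts, paths and
# cookie values are made up for this example.
SAMPLE_FLOW = [
    ("/cas/login",
     "HTTP/1.1 302 Found\r\n"
     "Location: https://app.example.test/service?ticket=ST-1\r\n"
     "Set-Cookie: CASTGC=TGT-1; Path=/cas; Secure\r\n"
     'P3P: CP="CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"\r\n'),
    ("/cas/css/cas.css",
     "HTTP/1.1 200 OK\r\nContent-Type: text/css\r\n"),
    ("/cas/serviceValidate",
     "HTTP/1.1 200 OK\r\n"
     'p3p: policyref="http://sso.mydomain.net/w3c/p3p.xml"\r\n'),
]

# Header field names are case-insensitive, so match policyref/CP loosely.
FIELD = re.compile(r'(policyref|CP)\s*=\s*"([^"]*)"', re.IGNORECASE)

def parse_head(raw):
    """Return (status, headers); names are lower-cased, repeats kept as lists."""
    lines = raw.strip().split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(flow):
    """List every response that lacks a compact policy in its P3P header."""
    findings = []
    for path, raw in flow:
        status, headers = parse_head(raw)
        fields = {}
        for value in headers.get("p3p", []):
            for key, val in FIELD.findall(value):
                fields[key.lower()] = val
        if not fields.get("cp", "").split():
            reason = "policyref only, no CP" if "policyref" in fields else "no P3P header"
            findings.append((path, status, reason, "set-cookie" in headers))
    return findings

if __name__ == "__main__":
    for path, status, reason, sets_cookie in audit(SAMPLE_FLOW):
        print(f"{status} {path}: {reason}" + (" (sets a cookie)" if sets_cookie else ""))
```
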

Maybe this helps, try modifying your code with this:

response.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");

Also have a look at this:

https://msdn.microsoft.com/en-us/library/ms537343(v=vs.85).aspx#unsatisfactory_cookies

Basically just write the filter like here http://www.muneebahmad.com/index.php/archives/56 and use the

response.addHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

then just map it to the URLs you wish to add this header or use /* for all.

OR

Here you will find an almost similar question and the accepted answer for the same, with detailed sample code.

https://stackoverflow.com/questions/6121212/how-to-generate-and-deploy-p3p-privacy-policy-in-struts2-java

Hope it will help!!
