Iframe、跨域 cookies、p3p 策略和 safari 错误:未提供所需的防伪令牌或无效
[英]Iframe, cross-domain cookies, p3p policy, and safari with error: A required anti-forgery token was not supplied or was invalid
问题描述
I asked this question a while back and found that IE blocks cross-domain cookies in an iframe unless you set a p3p policy .
不久前我问了这个问题,发现 IE 在 iframe 中阻止跨域 cookies 除非您设置p3p policy 。 So far, the p3p fix has worked beautifully in ie.到目前为止,p3p 修复在 ie 中运行良好。 However, now we are getting the same error in safari.但是,现在我们在 safari 中遇到了同样的错误。
I found an article with a different p3p policy for safari.我发现一篇针对 safari 的p3p 策略不同的文章。 I added this code to set up the p3p policy, but I am still getting a request verification token error.我添加了此代码来设置 p3p 策略,但我仍然收到请求验证令牌错误。
public static void SetP3PCompactPolicy()
{
HttpContext current = HttpContext.Current;
if (current.Request.UserAgent.ToLower().IndexOf("safari") >= 0)
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\"");
else
HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}
I'm not sure what any of that means, but it isn't working for Safari (5).我不确定这意味着什么,但它不适用于 Safari (5)。
Also, when I get a server error, all information is sent to me in a report, including all the http headers.此外,当我收到服务器错误时,所有信息都会在报告中发送给我,包括所有 http 标头。 The p3p header never comes through in these errors. p3p header 永远不会出现在这些错误中。 I'm not sure if that is by design or if it is an indicator of the issue going on.我不确定这是设计使然,还是表明问题正在发生。
1 个解决方案
解决方案1
9 已采纳 2011-05-26 13:53:23
The issue is that Safari does not allow a cookie to be set in an iframe unless the user interacts with that iframe.问题是 Safari 不允许在 iframe 中设置 cookie,除非用户与 iframe 交互。 For some, that means clicking a link.对于某些人来说,这意味着点击链接。 I found a better solution which is to do a redirect.我找到了一个更好的解决方案,即进行重定向。
First, I put this form on my page.首先,我把这个表格放在我的页面上。 Actually, I put it in the masterpage that is used by every view served in the iframe.实际上,我将它放在 iframe 中提供的每个视图所使用的母版页中。
<% if(SecurityHelper.BrowserIsSafari) { %>
<% using (Html.BeginForm("SafariRedirect", "Framed", FormMethod.Post, new { id="safari-fix-form" })) { %>
<%: Html.Hidden("safariRedirectUrl")%>
<% } %>
<% } %>
Because I only want this to work when the user is using safari, I created this property in a static helper class to check the useragent因为我只希望当用户使用 safari 时它才能工作,所以我在 static 助手 class 中创建了这个属性来检查用户代理
public static bool BrowserIsSafari
{
get { return HttpContext.Current.Request.UserAgent.ToLower().IndexOf("safari") >= 0; }
}
Then, in my controller, I have the following action然后,在我的 controller 中,我有以下操作
[HttpPost]
public ActionResult SafariRedirect(string safariRedirectUrl)
{
Response.Cookies.Add(new HttpCookie("safari_cookie_fix", "cookie ok"));
return Redirect(safariRedirectUrl);
}
In my masterpage, in the header, I have my script declared within the same if statement that determines if the form is rendered.在我的母版页中,在 header 中,我在同一 if 语句中声明了我的脚本,该语句确定是否呈现表单。 In my script file, I have this jquery在我的脚本文件中,我有这个 jquery
$(function () {
if ($.browser.safari == true && document.cookie.indexOf("safari_cookie_fix") == -1) {
var url = location.href;
$('#safariRedirectUrl').val(url);
$('#safari-fix-form').submit();
}
});
The first time the iframe loads a page, if it is safari and the cookie isn't set, the form is posted, the cookie set, and the user is redirected back to the same url. iframe 第一次加载页面时,如果是 safari 并且未设置 cookie,则将发布表单,设置 cookie,并将用户重定向回相同的 Z572D4E421E5E6B9BC11D8215E8A0Z。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.