Code
2023-11-21 05:00:03

ie浏览器IFRAME中Cookie被阻止/未保存

我有两个网站,比如说example.com和anotherexample.net。 在anotherexample.net/page.html上,我有一个IFRAME SRC=“http://example.com/someform.asp”。IFRAME显示一个表单供用户填写并提交到http://example.com/process.asp。当我在它自己的浏览器窗口中打开表单(“someform.asp”)时,一切正常。 然而,当我在ie6或ie7中加载someform.asp作为IFRAME时,example.com的cookie没有保存。在Firefox中,这个问题不会出现。

出于测试目的,我在http://newmoon.wz.cz/test/page.php上创建了一个类似的设置。

example.com使用基于cookie的会话(对此我无能为力),因此如果没有cookie, process.asp将无法执行。我如何迫使IE保存这些cookie ?

嗅探HTTP流量的结果:在GET /someform.asp响应中,有一个有效的每会话Set-Cookie报头(例如Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY),但在POST /process.asp请求中,根本没有Cookie报头。

Edit3:一些AJAX+服务器端脚本显然能够避开这个问题,但这看起来非常像一个bug,而且它还打开了一组全新的安全漏洞。我不希望我的应用程序使用漏洞+安全漏洞的组合只是因为它很容易。

编辑:P3P政策是根本原因,详细解释如下。

当前回答

这终于为我工作了(经过大量的忙乱和使用ibm策略生成器生成了一些策略)。您可以在这里下载策略生成器:http://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml

我再也不能从IBM官方网站下载生成器了。

我在我的Web-App的根文件夹中创建了这些文件

/index.php
/w3c/policy.html (Human readable format)
/w3c/p3p.xml
/w3c/policy.p3p

Index.php:只发送一个额外的头文件:

header('P3P: policyref="/w3c/p3p.xml", CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV DEM"');

p3p.xml的内容

<META>
    <POLICY-REFERENCES>
        <POLICY-REF about="/w3c/policy.p3p#App">
            <INCLUDE>/</INCLUDE>
            <COOKIE-INCLUDE/>
        </POLICY-REF>
    </POLICY-REFERENCES>
</META>

policy.html文件的内容

<html> <head> <STYLE type="text/css"> title { color: #3333FF} </STYLE> <title>Privacy Statement for YOUR COMPANY NAME</title> </head> <body> <h1 class="title">Privacy Policy</h1> <!-- "About Us" section of privacy policy --> <h2>About Us</h2> <p>This is a privacy policy for YOUR COMPANY NAME. Our homepage on the Web is located at <a href="YOURWEBSITE"> YOURWEBSITE</a>. The full text of our privacy policy is available on the Web at <a href="ABSOLUTE URL OF THIS FILE"> ABSOLUTE URL OF THIS FILE</a> This policy does not tell users where they can go to exercise their opt-in or opt-out options. <p>We invite you to contact us if you have questions about this policy. You may contact us by mail at the following address: <pre>FIRSTNAME LASTNAME YOUR ADDRESS HERE </pre> <p>You may contact us by e-mail at <a href="mailto:info@YOURMAIL.de"> info@YOURMAIL.eu</a>. You may call us at TELEPHONENUMBER. <!-- "Privacy Seals" section of privacy policy --> <h2>Dispute Resolution and Privacy Seals</h2> <p>We have the following privacy seals and/or dispute resolution mechanisms. If you think we have not followed our privacy policy in some way, they can help you resolve your concern. <ul> <li> <b>Dispute</b>: Contact us for further information </ul> <!-- "Additional information" section of privacy policy --> <h2>Additional Information</h2> <p> This policy is valid for 1 day from the time that it is loaded by a client. </p> <!-- "Data Collection" section of privacy policy --> <h2>Data Collection</h2> <p>P3P policies declare the data they collect in groups (also referred to as "statements"). This policy contains 1 data group. <hr width="50%" align="center"> <h3>Group "App control data"</h3> <p>We collect the following information: <ul> <li>HTTP cookies</li> </ul> <p>This data will be used for the following purposes:</p> <ul> <li>Completion and support of the current activity.</li> <li>Web site and system administration.</li> <li>Research and development.</li> <li>Historical preservation.</li> <li>Other purposes<p>Control Flow of the application</p></li> </ul> <p>This data will be used by ourselves and our agents. <p>The data in this group has been marked as non-identifiable. This means that there is no reasonable way for the site to identify the individual person this data was collected from. <p>The following explanation is provided for why this data is collected:</p> <blockquote>This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</blockquote> <!-- "Use of Cookies" section of privacy policy --> <hr width="50%" align="center"> <h2>Cookies</h2> <p>Cookies are a technology which can be used to provide you with tailored information from a Web site. A cookie is an element of data that a Web site can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. <p>Our site makes use of cookies. Cookies are used for the following purposes: <ul> <li>Site administration <li>Completing the user's current activity <li>Research and development <li>Other (Control Flow of the application) </ul> <!-- "Compact Policy Explanation" section of privacy policy --> <hr width="50%" align="center"> <h2>Compact Policy Summary</h2> <p>The compact policy which corresponds to this policy is: <pre> CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV" </pre> <p>The following table explains the meaning of each field in the compact policy. <center><table width="80%" border="1" cols="2"> <tr><td align="center" valign="top" width="20%"><b>Field</b></td><td align="center" valign="top" width="80%"><b>Meaning</b></td></tr> <tr><td align="left" valign="top" width="20%"><tt>CP=</tt></td> <td align="left" valign="top" width="80%">This is the compact policy header; it indicates that what follows is a P3P compact policy.</td></tr> <tr><td align="left" valign="top" width="20%"><tt>ALL</tt></td> <td align="left" valign="top" width="80%"> Access to all collected information is available. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>DSP</tt></td> <td align="left" valign="top" width="80%"> The policy contains at least one dispute-resolution mechanism. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NID</tt></td> <td align="left" valign="top" width="80%"> The information collected is not personally identifiable. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>CURa</tt></td> <td align="left" valign="top" width="80%"> The data is used for completion of the current activity. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>ADMa</tt></td> <td align="left" valign="top" width="80%"> The data is used for site administration. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>DEVa</tt></td> <td align="left" valign="top" width="80%"> The data is used for research and development. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>HISa</tt></td> <td align="left" valign="top" width="80%"> The data is used for historical archival purposes. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>OTPa</tt></td> <td align="left" valign="top" width="80%"> The data is used for other purposes. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>OUR</tt></td> <td align="left" valign="top" width="80%"> The data is given to ourselves and our agents. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NOR</tt></td> <td align="left" valign="top" width="80%"> The data is not kept beyond the current transaction. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NAV</tt></td> <td align="left" valign="top" width="80%"> Navigation and clickstream data is collected. </td></tr> </table></center> <p>The compact policy is sent by the Web server along with the cookies it describes. For more information, see the P3P deployment guide at <a href="http://www.w3.org/TR/p3pdeployment">http://www.w3.org/TR/p3pdeployment</a>. <!-- "Policy Evaluation" section of privacy policy --> <hr width="50%" align="center"> <h2>Policy Evaluation</h2> <p>Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie. The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium. In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context. This section will attempt to evaluate this policy's compact policy against Microsoft's stated behavior for IE6. <p><b>Note:</b> this evaluation is currently experimental and should not be considered a substitute for testing with a real Web browser. <p><b>Satisfactory policy</b>: this compact policy is considered <em>satisfactory</em> according to the rules defined by Internet Explorer 6. IE6 will accept cookies accompanied by this policy under the High, Medium High, Medium, Low, and Accept All Cookies settings. </body></html>

policy.p3p的内容

<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
    <!-- Generated by IBM P3P Policy Editor version Beta 1.12 built 2/27/04 1:19 PM -->

    <!-- Expiry information for this policy -->
    <EXPIRY max-age="86400"/>

<POLICY
    name="App"
    discuri="ABSOLUTE URL TO policy.html"
    xml:lang="de">
    <!-- Description of the entity making this policy statement. -->
    <ENTITY>
    <DATA-GROUP>
<DATA ref="#business.name">COMPANY NAME</DATA>
<DATA ref="#business.contact-info.online.email">info@YOURMAIL.eu</DATA>
<DATA ref="#business.contact-info.online.uri">YOURWEBSITE</DATA>
<DATA ref="#business.contact-info.telecom.telephone.number">YOURPHONENUMBER</DATA>
<DATA ref="#business.contact-info.postal.organization">FIRSTNAME LASTNAME</DATA>
<DATA ref="#business.contact-info.postal.street">STREET</DATA>
<DATA ref="#business.contact-info.postal.city">CITY</DATA>
<DATA ref="#business.contact-info.postal.stateprov">STAGE</DATA>
<DATA ref="#business.contact-info.postal.postalcode">POSTALCODE</DATA>
<DATA ref="#business.contact-info.postal.country">Germany</DATA>
    </DATA-GROUP>
    </ENTITY>

    <!-- Disclosure -->
    <ACCESS><all/></ACCESS>


    <!-- Disputes -->
    <DISPUTES-GROUP>
        <DISPUTES resolution-type="service" service="YOURWEBSITE CONTACT FORM" short-description="Dispute">
            <LONG-DESCRIPTION>Contact us for further information</LONG-DESCRIPTION>
    <!-- No remedies specified -->
        </DISPUTES>
    </DISPUTES-GROUP>

    <!-- Statement for group "App control data" -->
    <STATEMENT>
        <EXTENSION optional="yes">
            <GROUP-INFO xmlns="http://www.software.ibm.com/P3P/editor/extension-1.0.html" name="App control data"/>
        </EXTENSION>

    <!-- Consequence -->
    <CONSEQUENCE>
This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</CONSEQUENCE>

    <!-- Data in this statement is marked as being non-identifiable -->
    <NON-IDENTIFIABLE/>

    <!-- Use (purpose) -->
    <PURPOSE><admin/><current/><develop/><historical/><other-purpose>Control Flow of the application</other-purpose></PURPOSE>

    <!-- Recipients -->
    <RECIPIENT><ours/></RECIPIENT>

    <!-- Retention -->
    <RETENTION><no-retention/></RETENTION>

    <!-- Base dataschema elements. -->
    <DATA-GROUP>
    <DATA ref="#dynamic.cookies"><CATEGORIES><navigation/></CATEGORIES></DATA>
    </DATA-GROUP>
</STATEMENT>

<!-- End of policy -->
</POLICY>
</POLICIES>
2015-02-26 18:38:40

其他回答

我知道现在在这个问题上发表我的观点有点晚了,但我浪费了这么多时间,也许这个答案会帮助到别人。

我试图在我的网站上调用第三方cookie,当然它不能在ie10上工作,即使是在低安全级别…别问我为什么。在iframe中,我用ajax调用read_cookie.php (echo $_COOKIE)。

我不知道为什么我不能设置P3P策略来解决这个问题……

在我的搜索过程中,我看到了一些关于在JSON中获得cookie的工作。我甚至没有尝试,因为我认为如果cookie不会通过iframe,它将不会再通过数组…

你猜怎么着,确实如此!所以如果你json_encode你的cookie,然后解码后你的ajax请求,你会得到它!

也许我错过了什么,如果我错过了,我很抱歉,但我从没见过这么蠢的东西。阻止第三方cookie的安全性,为什么不,但让它通过编码?保安现在在哪里?

我希望这篇文章能帮助别人,如果我错过了什么,我很笨,请教育我!

2012-12-12 18:37:56

如果有人在寻找阿帕奇线;我们用了这个。

头集P3P "CP=\"谢谢IE8\""

只要有P3P报头,我们将CP值设置为什么并不重要。

2014-01-07 22:06:01

我也有这个问题,我想我会张贴我在我的MVC2项目中使用的代码。当你在页面生命周期中添加头时要小心,否则你会得到一个HttpException“服务器不能在HTTP头发送后追加头”。我在onactionexecution方法上使用了自定义ActionFilterAttribute(在动作执行之前调用)。

/// <summary>
/// Privacy Preferences Project (P3P) serve a compact policy (a "p3p" HTTP header) for all requests
/// P3P provides a standard way for Web sites to communicate about their practices around the collection, 
/// use, and distribution of personal information. It's a machine-readable privacy policy that can be 
/// automatically fetched and viewed by users, and it can be tailored to fit your company's specific policies.
/// </summary>
/// <remarks>
/// More info http://www.oreillynet.com/lpt/a/1554
/// </remarks>
public class P3PAttribute : ActionFilterAttribute
{
    /// <summary>
    /// On Action Executing add a compact policy "p3p" HTTP header
    /// </summary>
    /// <param name="filterContext"></param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

        base.OnActionExecuting(filterContext);
    }
}

使用示例:

[P3P]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        ViewData["Message"] = "Welcome!";

        return View();
    }

    public ActionResult About()
    {
        return View();
    }
}
2011-10-27 19:21:55

这终于为我工作了(经过大量的忙乱和使用ibm策略生成器生成了一些策略)。您可以在这里下载策略生成器:http://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml

我再也不能从IBM官方网站下载生成器了。

我在我的Web-App的根文件夹中创建了这些文件

/index.php
/w3c/policy.html (Human readable format)
/w3c/p3p.xml
/w3c/policy.p3p

Index.php:只发送一个额外的头文件:

header('P3P: policyref="/w3c/p3p.xml", CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV DEM"');

p3p.xml的内容

<META>
    <POLICY-REFERENCES>
        <POLICY-REF about="/w3c/policy.p3p#App">
            <INCLUDE>/</INCLUDE>
            <COOKIE-INCLUDE/>
        </POLICY-REF>
    </POLICY-REFERENCES>
</META>

policy.html文件的内容

<html> <head> <STYLE type="text/css"> title { color: #3333FF} </STYLE> <title>Privacy Statement for YOUR COMPANY NAME</title> </head> <body> <h1 class="title">Privacy Policy</h1> <!-- "About Us" section of privacy policy --> <h2>About Us</h2> <p>This is a privacy policy for YOUR COMPANY NAME. Our homepage on the Web is located at <a href="YOURWEBSITE"> YOURWEBSITE</a>. The full text of our privacy policy is available on the Web at <a href="ABSOLUTE URL OF THIS FILE"> ABSOLUTE URL OF THIS FILE</a> This policy does not tell users where they can go to exercise their opt-in or opt-out options. <p>We invite you to contact us if you have questions about this policy. You may contact us by mail at the following address: <pre>FIRSTNAME LASTNAME YOUR ADDRESS HERE </pre> <p>You may contact us by e-mail at <a href="mailto:info@YOURMAIL.de"> info@YOURMAIL.eu</a>. You may call us at TELEPHONENUMBER. <!-- "Privacy Seals" section of privacy policy --> <h2>Dispute Resolution and Privacy Seals</h2> <p>We have the following privacy seals and/or dispute resolution mechanisms. If you think we have not followed our privacy policy in some way, they can help you resolve your concern. <ul> <li> <b>Dispute</b>: Contact us for further information </ul> <!-- "Additional information" section of privacy policy --> <h2>Additional Information</h2> <p> This policy is valid for 1 day from the time that it is loaded by a client. </p> <!-- "Data Collection" section of privacy policy --> <h2>Data Collection</h2> <p>P3P policies declare the data they collect in groups (also referred to as "statements"). This policy contains 1 data group. <hr width="50%" align="center"> <h3>Group "App control data"</h3> <p>We collect the following information: <ul> <li>HTTP cookies</li> </ul> <p>This data will be used for the following purposes:</p> <ul> <li>Completion and support of the current activity.</li> <li>Web site and system administration.</li> <li>Research and development.</li> <li>Historical preservation.</li> <li>Other purposes<p>Control Flow of the application</p></li> </ul> <p>This data will be used by ourselves and our agents. <p>The data in this group has been marked as non-identifiable. This means that there is no reasonable way for the site to identify the individual person this data was collected from. <p>The following explanation is provided for why this data is collected:</p> <blockquote>This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</blockquote> <!-- "Use of Cookies" section of privacy policy --> <hr width="50%" align="center"> <h2>Cookies</h2> <p>Cookies are a technology which can be used to provide you with tailored information from a Web site. A cookie is an element of data that a Web site can send to your browser, which may then store it on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. <p>Our site makes use of cookies. Cookies are used for the following purposes: <ul> <li>Site administration <li>Completing the user's current activity <li>Research and development <li>Other (Control Flow of the application) </ul> <!-- "Compact Policy Explanation" section of privacy policy --> <hr width="50%" align="center"> <h2>Compact Policy Summary</h2> <p>The compact policy which corresponds to this policy is: <pre> CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV" </pre> <p>The following table explains the meaning of each field in the compact policy. <center><table width="80%" border="1" cols="2"> <tr><td align="center" valign="top" width="20%"><b>Field</b></td><td align="center" valign="top" width="80%"><b>Meaning</b></td></tr> <tr><td align="left" valign="top" width="20%"><tt>CP=</tt></td> <td align="left" valign="top" width="80%">This is the compact policy header; it indicates that what follows is a P3P compact policy.</td></tr> <tr><td align="left" valign="top" width="20%"><tt>ALL</tt></td> <td align="left" valign="top" width="80%"> Access to all collected information is available. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>DSP</tt></td> <td align="left" valign="top" width="80%"> The policy contains at least one dispute-resolution mechanism. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NID</tt></td> <td align="left" valign="top" width="80%"> The information collected is not personally identifiable. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>CURa</tt></td> <td align="left" valign="top" width="80%"> The data is used for completion of the current activity. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>ADMa</tt></td> <td align="left" valign="top" width="80%"> The data is used for site administration. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>DEVa</tt></td> <td align="left" valign="top" width="80%"> The data is used for research and development. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>HISa</tt></td> <td align="left" valign="top" width="80%"> The data is used for historical archival purposes. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>OTPa</tt></td> <td align="left" valign="top" width="80%"> The data is used for other purposes. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>OUR</tt></td> <td align="left" valign="top" width="80%"> The data is given to ourselves and our agents. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NOR</tt></td> <td align="left" valign="top" width="80%"> The data is not kept beyond the current transaction. </td></tr> <tr><td align="left" valign="top" width="20%"><tt>NAV</tt></td> <td align="left" valign="top" width="80%"> Navigation and clickstream data is collected. </td></tr> </table></center> <p>The compact policy is sent by the Web server along with the cookies it describes. For more information, see the P3P deployment guide at <a href="http://www.w3.org/TR/p3pdeployment">http://www.w3.org/TR/p3pdeployment</a>. <!-- "Policy Evaluation" section of privacy policy --> <hr width="50%" align="center"> <h2>Policy Evaluation</h2> <p>Microsoft Internet Explorer 6 will evaluate this policy's compact policy whenever it is used with a cookie. The actions IE will take depend on what privacy level the user has selected in their browser (Low, Medium, Medium High, or High; the default is Medium. In addition, IE will examine whether the cookie's policy is considered satisfactory or unsatisfactory, whether the cookie is a session cookie or a persistent cookie, and whether the cookie is used in a first-party or third-party context. This section will attempt to evaluate this policy's compact policy against Microsoft's stated behavior for IE6. <p><b>Note:</b> this evaluation is currently experimental and should not be considered a substitute for testing with a real Web browser. <p><b>Satisfactory policy</b>: this compact policy is considered <em>satisfactory</em> according to the rules defined by Internet Explorer 6. IE6 will accept cookies accompanied by this policy under the High, Medium High, Medium, Low, and Accept All Cookies settings. </body></html>

policy.p3p的内容

<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
    <!-- Generated by IBM P3P Policy Editor version Beta 1.12 built 2/27/04 1:19 PM -->

    <!-- Expiry information for this policy -->
    <EXPIRY max-age="86400"/>

<POLICY
    name="App"
    discuri="ABSOLUTE URL TO policy.html"
    xml:lang="de">
    <!-- Description of the entity making this policy statement. -->
    <ENTITY>
    <DATA-GROUP>
<DATA ref="#business.name">COMPANY NAME</DATA>
<DATA ref="#business.contact-info.online.email">info@YOURMAIL.eu</DATA>
<DATA ref="#business.contact-info.online.uri">YOURWEBSITE</DATA>
<DATA ref="#business.contact-info.telecom.telephone.number">YOURPHONENUMBER</DATA>
<DATA ref="#business.contact-info.postal.organization">FIRSTNAME LASTNAME</DATA>
<DATA ref="#business.contact-info.postal.street">STREET</DATA>
<DATA ref="#business.contact-info.postal.city">CITY</DATA>
<DATA ref="#business.contact-info.postal.stateprov">STAGE</DATA>
<DATA ref="#business.contact-info.postal.postalcode">POSTALCODE</DATA>
<DATA ref="#business.contact-info.postal.country">Germany</DATA>
    </DATA-GROUP>
    </ENTITY>

    <!-- Disclosure -->
    <ACCESS><all/></ACCESS>


    <!-- Disputes -->
    <DISPUTES-GROUP>
        <DISPUTES resolution-type="service" service="YOURWEBSITE CONTACT FORM" short-description="Dispute">
            <LONG-DESCRIPTION>Contact us for further information</LONG-DESCRIPTION>
    <!-- No remedies specified -->
        </DISPUTES>
    </DISPUTES-GROUP>

    <!-- Statement for group "App control data" -->
    <STATEMENT>
        <EXTENSION optional="yes">
            <GROUP-INFO xmlns="http://www.software.ibm.com/P3P/editor/extension-1.0.html" name="App control data"/>
        </EXTENSION>

    <!-- Consequence -->
    <CONSEQUENCE>
This cookie data is only used to control the application within an iframe (e.g. a Facebook App)</CONSEQUENCE>

    <!-- Data in this statement is marked as being non-identifiable -->
    <NON-IDENTIFIABLE/>

    <!-- Use (purpose) -->
    <PURPOSE><admin/><current/><develop/><historical/><other-purpose>Control Flow of the application</other-purpose></PURPOSE>

    <!-- Recipients -->
    <RECIPIENT><ours/></RECIPIENT>

    <!-- Retention -->
    <RETENTION><no-retention/></RETENTION>

    <!-- Base dataschema elements. -->
    <DATA-GROUP>
    <DATA ref="#dynamic.cookies"><CATEGORIES><navigation/></CATEGORIES></DATA>
    </DATA-GROUP>
</STATEMENT>

<!-- End of policy -->
</POLICY>
</POLICIES>
2015-02-26 18:38:40

这是一个很好的话题,但我发现一个重要的细节(这是必不可少的,至少在我的情况下),没有张贴在这里或其他任何地方(我道歉,如果我刚刚错过了它)是P3P行必须在每个文件的头从第三方服务器发送,甚至文件没有设置或使用cookie,如Javascript文件或图像。否则cookie将被阻止。我有更多关于这个的帖子在这里:http://posheika.net/?p=110

2010-08-23 22:44:45

推荐文章

aliyun

最新文章

标签

2024 code 京ICP备15047053号-1