Login

P3P Headers for iframes

Author:
jeverling
Posted:
June 5, 2008
Language:
Python
Version:
.96
Tags:
p3p ie7 internet explorer iframe privacy
Score:
2 (after 2 ratings)

This is nothing fancy and hasn't much to do with django itself, I just searched for this information for quite a while and thought it may be useful for others. If you use IE7 (and maybe IE6), it will block cookies in iframes, if the iframes content comes from another server (quite common, I think). The P3P specification lets you declare your privacy settings in a format interpretable by browsers, essentially you can tell IE that you adhere to "don't be evil", and are allowed to handle cookies afterwards. I don't think that makes much sense, but it seems that it is the only way to make IE accept cookies in iframes. I had no idea that django made it that incredibly easy to "patch" the response-header, but it does! :)

1
2
3
4
def index(request):
    response = render_to_response('mytemplate.html')
    response["P3P"] = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'
    return response

More like this

  1. Ignore HTTP Accept-Language headers by fonso 7 years, 10 months ago
  2. Pass db.Field to newforms.Widget by guettli 7 years, 8 months ago
  3. Compact P3P policy header injection middleware by mwolgemuth 6 years, 6 months ago
  4. nginx x-accel-redirect protection of static files by sean 7 years, 4 months ago
  5. Avoid IE Brokenness When using Vary and Attachments by axiak 7 years, 11 months ago

Comments

Please login first before commenting.